Tag: Security
Browse all articles, tutorials, and guides about Security
Guides
Code Review for Security
Learn to identify security vulnerabilities during code reviews. Master security-focused review techniques, common vulnerability patterns, and effective feedback strategies.
Cryptography Essentials
Master the cryptographic fundamentals every DevOps engineer needs: symmetric and asymmetric encryption, hashing algorithms, TLS/SSL certificates, and Public Key Infrastructure (PKI).
CI/CD Pipeline Hardening
Learn to secure your CI/CD pipelines against supply chain attacks. Master runner isolation, artifact signing, configuration security, and pipeline-as-code best practices.
Pre-commit Hooks for Security
Implement security checks before code is committed using git hooks. Learn gitleaks, detect-secrets, and the pre-commit framework to catch vulnerabilities early.
Static Application Security Testing (SAST)
Master Static Application Security Testing (SAST) with SonarQube, Semgrep, and CodeQL. Learn to detect vulnerabilities in source code before they reach production.
Secure Coding Practices
Learn essential secure coding practices for DevOps: input validation, output encoding, error handling, secure defaults, and defense in depth for web applications and APIs.
Threat Modeling
Master threat modeling methodologies including STRIDE, DREAD, and attack trees. Learn to identify, analyze, and prioritize security threats in your systems with practical exercises.
OWASP Top 10
Learn about the OWASP Top 10 web application security risks. Understand each vulnerability, see real-world examples, and learn how to prevent them in your applications.
Security Principles
Master the fundamental security principles every DevSecOps engineer needs to know. Learn CIA Triad, Defense in Depth, Least Privilege, and Zero Trust concepts with practical examples.
Posts
Docker Image Optimization: Best Practices for Smaller, Faster Images
Learn proven strategies to optimize Docker images: multi-stage builds, layer caching, base image selection, and security hardening. Reduce image size by up to 90% while improving build times and security.
How to Get a List of All Valid IP Addresses in a Local Network?
Discover active devices on your local network using tools like nmap, arp-scan, and native OS commands. Learn network scanning techniques for inventory management, security audits, and troubleshooting.
Terraform: Failed to install provider, does not match checksums from dependency lock file
Troubleshoot the Terraform error about provider checksums not matching the dependency lock file and learn safe fixes and best practices.
Using SSH Keys Inside a Docker Container
Need to use SSH keys in your Docker container for git, automation, or remote access? Learn secure ways to provide SSH keys, best practices for builds, and how to avoid common pitfalls.
Connecting to PostgreSQL in a Docker Container from Outside
Expose PostgreSQL safely and connect from your host or another machine using Docker and Docker Compose. Covers port publishing, listen addresses, pg_hba.conf basics, and common troubleshooting.
How to create an SSH key in Terraform?
Learn how to generate and manage SSH keys in Terraform for secure access to your infrastructure.
How to Add SSH Keys to GCP Instances Using Terraform
Learn how to configure SSH key access for Google Cloud Platform compute instances with Terraform, including project-wide and instance-specific keys.
Capturing Mobile Phone Traffic on Wireshark
Learn how to capture and analyze network traffic from your mobile phone using Wireshark. Set up a proxy or WiFi hotspot to inspect HTTP/HTTPS requests, debug mobile apps, and understand what data your phone is sending.
How to Fix Terraform Provider Checksum Mismatch Errors
Running into 'doesn't match checksums from dependency lock file' errors when installing Terraform providers? Learn what causes this issue and how to resolve it safely.
Docker Compose: Understanding Ports vs Expose
Learn the key differences between ports and expose in Docker Compose, when to use each one, and how they affect container networking and security in your applications.
How to Change File and Folder Permissions Recursively in Linux
Learn how to use chmod command to change permissions for directories and all their subdirectories and files efficiently and safely.
How to Find the IP Address of an SSH Client
Learn multiple ways to identify the IP address of clients connected to your SSH server, from environment variables to logs and active connection monitoring.
How to Close Specific Ports on Linux Systems
Learn how to close and block specific ports on Linux using iptables, ufw, firewalld, and by stopping services. Secure your system by controlling port access.
What Does AssumeRole: Service: ec2 Do?
Understand the role of AssumeRole with Service: ec2 in AWS IAM policies and how it integrates with Terraform.
How to Retrieve a Secret in Terraform from AWS Secret Manager
Learn how to securely retrieve secrets from AWS Secret Manager using Terraform in your infrastructure as code workflows.
How to Attach Multiple IAM Policies to IAM Roles Using Terraform
Learn how to attach multiple IAM policies to a single IAM role in Terraform to manage permissions effectively.
How to Display Sensitive Data Output Variables in Terraform
Learn how to handle and display sensitive data output variables in Terraform safely and effectively.
Determining Minimum AWS Permissions for Terraform Configurations
Learn how to identify the minimum AWS permissions required for your Terraform configurations to enhance security and compliance.
How to Update a Kubernetes Secret Generated from a File
Learn how to update an existing Kubernetes secret when its data comes from a file, with practical kubectl commands and tips for safe secret management.
How to Specify a Private SSH Key for Git Commands
Learn multiple methods to use specific SSH keys with Git operations, from command-line options to SSH config files and environment variables, making it easy to manage multiple keys for different repositories.
Docker Security Best Practices
Secure your Docker environment from development to production with practical techniques for image hardening, runtime protection, and vulnerability management.
How to Sign In to the Kubernetes Dashboard
Learn how to securely access and sign in to the Kubernetes Dashboard, including token generation, best practices, and troubleshooting common login issues.
At Least One Invalid Signature Was Encountered
Understand the causes of invalid signatures in Kubernetes and learn how to troubleshoot and resolve them.
How to Decode a Kubernetes Secret
Kubernetes secrets store sensitive data in base64-encoded form. Learn how to safely decode and inspect these secrets using kubectl and command-line tools.