Archive - DevSecOps Guides

Authentication Architecture Security Labs in 2026

We wrote 17 deep-dive labs covering authentication architecture patterns from Netflix, Meta, Cloudflare, Stripe, Slack, Discord, Uber, and AWS.

May 29 • Developer Advocate

AI Development and Agentic Security Labs in 2026

Deep-dive labs covering every security pattern for AI-powered applications, agentic systems, and spec-driven development. The labs cover Genkit AI…

May 22 • Developer Advocate

Kubernetes Security Flash Card

A field deck for Kubernetes operators, attackers, and the people in the middle, Eighteen Flashcards for Kubernetes Security on v1.32 and v1.33.

May 15 • Developer Advocate

April 2026

AWS ECR Security Labs in 2026

We wrote 32 hands-on labs covering every security control for AWS Elastic Container Registry. Each lab walks through a real misconfiguration we find…

Apr 10 • Developer Advocate

SBOM and Bill of Materials Security Labs in 2026

We wrote 35 hands-on labs covering every aspect of Software Bill of Materials and its variants. Each lab walks through a real gap in visibility, shows…

Apr 3 • Developer Advocate

March 2026

Supply Chain Security Labs

We wrote 38 hands-on labs covering every signing and supply chain verification technique we use during DevSecOps assessments. Each lab walks through a…

Mar 27 • Developer Advocate

Container Image Security Labs 2026

We wrote 35 hands-on labs covering every security problem we find in container images -- from Dockerfile misconfigurations through registry hardening to…

Mar 20 • Developer Advocate

Continuous Delivery Security Labs

35 security labs covering ArgoCD and GitHub Actions.

Mar 13 • Developer Advocate

Terraform Security Labs

We wrote 40 hands-on labs that cover the security mistakes we keep finding in Terraform codebases.

Mar 6 • Developer Advocate

February 2026

Container Security Labs in 2026

Container Vulnerabilities and Security Misconfiguration with exploitation and mitigation techniques.

Feb 27 • Developer Advocate

Secure Coding Labs in 2026

53 secure coding labs in various language

Feb 20 • Developer Advocate

HTTP Request Smuggling: The Silent Protocol Desync Attack

When proxies speak different dialects of HTTP, attackers find the gaps between words.

Feb 6 • Developer Advocate

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts