DevSecOps Guides
Supply Chain Security Labs
We wrote 38 hands-on labs covering every signing and supply chain verification technique we use during DevSecOps assessments. Each lab walks through a…
Mar 27
•
Reza
Container Image Security Labs 2026
We wrote 35 hands-on labs covering every security problem we find in container images -- from Dockerfile misconfigurations through registry hardening to…
Mar 20
•
Reza
Continuous Delivery Security Labs
35 security labs covering ArgoCD and GitHub Actions.
Mar 13
•
Reza
Terraform Security Labs
We wrote 40 hands-on labs that cover the security mistakes we keep finding in Terraform codebases.
Mar 6
•
Reza
February 2026
Container Security Labs in 2026
Container Vulnerabilities and Security Misconfiguration with exploitation and mitigation techniques.
Feb 27
•
Reza
Secure Coding Labs in 2026
53 secure coding labs in various languages
Feb 20
•
Reza
HTTP Request Smuggling: The Silent Protocol Desync Attack
When proxies speak different dialects of HTTP, attackers find the gaps between words.
Feb 6
•
Reza
December 2025
Nix Package Management: The Attacker vs Defender Battlefield
Nix becomes the most auditable supply chain in the application layer
Dec 19, 2025
•
Reza
Investigate Incident with Logs like Ninja
Logs from important dev/sec/ops services
Dec 12, 2025
•
Reza
Secret Alternatives for DevSecOps Engineers
Some techniques to reduce the use of secrets in DevOps environments and cloud-native apps
Dec 5, 2025
•
Reza
November 2025
Feature Flagging for DevSecOps Engineer
Enable or disable features, specifically security features
Nov 28, 2025
•
Reza
DevSecOps Process Management
Covers eight core processes that span the software delivery lifecycle. Each process includes implementation details for different organizational…
Nov 21, 2025
•
Reza