DevSecOps Guides

Continuous Delivery Security Labs

35 security labs covering ArgoCD and GitHub Actions.

Mar 13 • Reza

1

Terraform Security Labs

We wrote 40 hands-on labs that cover the security mistakes we keep finding in Terraform codebases.

Mar 6 • Reza

1

February 2026

Container Security Labs in 2026

Container Vulnerabilities and Security Misconfiguration with exploitation and mitigation techniques.

Feb 27 • Reza

Secure Coding Labs in 2026

53 secure coding labs in various language

Feb 20 • Reza

2

1

HTTP Request Smuggling: The Silent Protocol Desync Attack

When proxies speak different dialects of HTTP, attackers find the gaps between words.

Feb 6 • Reza

1

December 2025

Nix Package Management: The Attacker vs Defender Battlefield

Nix becomes the most auditable supply chain in application layer

Dec 19, 2025 • Reza

2

Investigate Incident with Logs like Ninja

dev/sec/ops important services logs

Dec 12, 2025 • Reza

2

Secret Alternatives for DevSecOps Engineers

some techniques to reduce use secret for devops environments and cloud native apps

Dec 5, 2025 • Reza

November 2025

Feature Flagging for DevSecOps Engineer

enable or disable feature specifically security feature

Nov 28, 2025 • Reza

DevSecOps Process Management

Covers eight core processes that span the software delivery lifecycle. Each process includes implementation details for different organizational…

Nov 21, 2025 • Reza

3

1

Secret Management Like a Ninja: A Tale of Compromise, Recovery, and Mastery

This article tells the story of how secrets fail, how attackers exploit them, and how defenders can build impenetrable secret management practices; all…

Nov 14, 2025 • Reza

Keycloak Tenants vs Realms: For Fun and Profit

Keycloak is an open-source Identity and Access Management (IAM) solution security best practices with attack scenario

Nov 7, 2025 • Reza