Skip to content
ITNotes ITNotes

From Terminal to Cloud

  • AI
  • DevOps
  • HomeLab
  • Linux
  • Networking
  • Programming
  • English
    • English
    • Tiếng Việt
    • 日本語
  • AI
  • DevOps
  • HomeLab
  • Linux
  • Networking
  • Programming
  • English
    • English
    • Tiếng Việt
    • 日本語
Home » DevSecOps
Security tutorial - IT technology blog
Posted inSecurity

Hardening Your CI/CD Pipeline: A Practical Guide to SCA, SAST, and DAST

June 3, 2026
Catch vulnerabilities before they reach production. This guide shows you how to integrate SCA, SAST, and DAST into your CI/CD pipeline for a 'Shift Left' security approach.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Threat Modeling with STRIDE: Analyze Security Risks Before Writing a Single Line of Code

May 29, 2026
STRIDE threat modeling helps you identify security risks in web apps and APIs before writing code — catching authentication flaws, privilege escalation, and data leaks at the design stage. This guide walks through practical tools like OWASP Threat Dragon and pytm, with real examples for REST API architectures.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Stop SSRF in Its Tracks: A Hardened Guide to API & Web Security

May 24, 2026
Is your server secretly attacking your internal network? Learn how to prevent SSRF vulnerabilities using Python IP validation, AWS IMDSv2, and network-level egress filtering.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Killing the Manual Audit: Automated Android Security with MobSF and Docker

May 16, 2026
Ditch manual decompilation. Learn to deploy MobSF on Docker for rapid Android security audits, catching hardcoded secrets and OWASP vulnerabilities in minutes.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Automating Infrastructure Security: A Hands-On Guide to Nuclei

May 14, 2026
Ditch the manual security audits. Learn how to use Nuclei to automate vulnerability scanning on your Linux servers with community-verified templates.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Hunting BOLA: How to Audit Your API Security with OWASP ZAP

May 12, 2026
BOLA is the top risk for modern APIs. Discover how to use OWASP ZAP to automate your security testing, find authorization bugs, and harden your code.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Centralizing Vulnerability Management: A Practical Guide to DefectDojo, Trivy, and Semgrep

May 10, 2026
Streamline your security workflow by centralizing findings from Trivy, Nmap, and Semgrep. This guide walks you through setting up DefectDojo and automating your vulnerability management.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Stop Trusting Tags: Secure Your Container Supply Chain with Cosign

April 29, 2026
Container tags are easily spoofed. Learn how to use Cosign and Sigstore to sign your images and protect your Kubernetes clusters from supply chain attacks.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Stop Shipping Vulnerabilities: Automating SAST with Semgrep

April 29, 2026
Catch vulnerabilities before they hit production. This guide shows you how to use Semgrep to automate security scans in your CI/CD pipeline, reducing manual review time and preventing costly leaks.
Read More
Security tutorial - IT technology blog
Posted inSecurity

Hunting Leaked Secrets: Using TruffleHog to Secure Your Git History

April 28, 2026
Accidentally committed an API key? Learn how to use TruffleHog to scan your Git history, verify if secrets are still active, and remove them permanently.
Read More

Posts pagination

1 2 Next page
Copyright 2026 — ITNotes. All rights reserved.
Privacy Policy | Terms of Service | Contact: [email protected] DMCA.com Protection Status
Scroll to Top