DevOps combines culture, skills and tools nicely. But how does security fit in?
We answer this question by keeping our eyes on both — whether it's DevSecOps or SecDevOps, it's about integrating security into DevOps workflows as soon as possible. Find the latest DevOps security trends and challenges in the articles below.
The role of secure coding in DevSecOps
June 14, 2024, 9:11 am
Developers
Devops
Testers
Secure coding as an integral part of DevSecOps - How does it relate to effectively addressing security challenges?
Read more
Spring4Shell reflections
April 6, 2023, 10:40 pm
Developers
Devops
Testers
Java
Spring4Shell was a new-old type of code-execution bug exploiting the Spring Java framework. What can we learn from it?
Read more
The aftershocks of Log4Shell: RMI and beyond
February 23, 2022, 12:54 am
Developers
Devops
Testers
Java
The SSRF-ability of JNDI has implications beyond Log4Shell - as proven by other, similar vulnerabilities popping up recently.
Read more
The cautionary saga of Log4Shell – Part 3
February 11, 2022, 6:25 pm
Developers
Devops
Testers
Java
What we can learn from the problems that put log4j into the spotlight of software security in the past months.
Read more
The cautionary saga of Log4Shell – Part 2
January 26, 2022, 2:21 pm
Developers
Devops
Testers
Java
Learn why JNDI and LDAP are two flavors that go great together, and what makes Log4Shell important from a secure coding perspective.
Read more
The cautionary saga of Log4Shell – Part 1
January 14, 2022, 1:28 pm
Developers
Devops
Testers
Java
log4j is a popular Java logging component. Let's deep dive into the vulnerabilities that put it in the crossfire recently.