DevSecOps - Security in software development
Everything about DevSecOps: security in CI/CD, SAST/DAST, container security, shift-left, automated security testing. Expert guides by nFlo.
Topics in this hub
DevSecOps & CI/CD
5 articles: Security integration in CI/CD pipelines
Container Security
4 articles: Kubernetes, Docker and container security
Code Security Testing
10 articles: SAST, DAST and secure coding practices
All articles about DevSecOps
CVE-2026-42826: Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized...
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network....
What is DevSecOps? Definition, practices and tools for secure development
DevSecOps integrates security into every stage of the SDLC. Key practices, tools and how to implement a shift-left security culture.
Machine-readable security attestations — automating compliance in CI/CD
Static compliance reports cannot keep pace with modern development. Machine-readable security attestations enable automatic security verification on every CI/CD pipeline run.
CVE-2026-33105: Improper authorization in Microsoft Azure Kubernetes Service
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network....
IAST — What Is Interactive Application Security Testing?
IAST (Interactive Application Security Testing) combines the strengths of SAST and DAST by analyzing applications from the inside during runtime. Learn how it works, compare it with other AST methods, and discover best practices for integration into CI/CD pipelines.
RTO and RPO — What Are Recovery Time Objective and Recovery Point Objective?
RTO and RPO are two fundamental metrics in disaster recovery planning that define how quickly systems must be restored and how much data loss is acceptable after an incident.
SaaS company security — how to protect your product, customer data and reputation
SaaS companies store thousands of customers' data – a breach destroys trust. Learn product security strategies, data protection, and compliance for SaaS vendors.
What Is DRP (Disaster Recovery Plan) and How Does It Work? Key Elements
Disaster Recovery Plan (DRP) is a comprehensive strategy ensuring IT system continuity during major failures. An effective DRP reduces downtime-related financial losses by 75% and protects organizational reputation.
SBOM — Software Bill of Materials as the foundation of supply chain security
What is SBOM and why is it becoming a regulatory requirement? SPDX, CycloneDX formats, SBOM generation, CI/CD integration, and open source vulnerability management.
Business Continuity Plan (BCP) and Disaster Recovery (DRP) — A Practical Guide
Practical BCP/DRP guide: BIA, RTO/RPO, 3-2-1-1 backup strategies, DR plan testing, NIS2/DORA requirements. Case study: ransomware recovery in 4 hours.
Crisis Management in Cybersecurity — A Complete Guide
Crisis management involves planning and coordinating responses to security incidents. Learn the stages, tools, and best practices for responding to cyberattacks.
What is Backup? 3-2-1 Strategy, Backup Types, and Disaster Recovery
Backup is a copy of data that protects against data loss. Learn the 3-2-1-1-0 strategy, backup types, and disaster recovery planning.
API Penetration Testing — a complete guide to API security testing
API penetration testing — OWASP API Security Top 10, REST vs GraphQL vs gRPC, tools, methodologies. Learn how to secure your APIs.
Business Continuity Plan (BCP) and Disaster Recovery — How to Prepare Your Organization for the Worst
Comprehensive guide: BIA, RPO/RTO, 3-2-1-1-0 rule, backup sites, plan testing, and NIS2, DORA, ISO 22301 requirements — all in one place for IT teams and boards.
Business Continuity (BCP/DR) and Cybersecurity: How to Survive a Ransomware Disaster
Your Disaster Recovery plan assumes that the server room floods and you restore everything from backups. But what if the disaster isn't water, but ransomware that has encrypted not only your production servers, but also your backups? In the era of cyber attacks, business continuity (BCP) and disaste
Ransomware
Learn what ransomware is and how to protect your company from this type of cyber threat. Discover strategies, tools, and best practices that can help prevent and respond to ransomware attacks.
Data Leaks and Ransomware Attacks Are the Biggest Threats to Organizations
Learn why data leaks and ransomware attacks are the biggest threats to organizations. Discover data protection strategies and best practices that can help minimize the risk of these attacks.
SAST and DAST Synergy
Learn how the synergy between SAST and DAST can enhance your software security. Discover the benefits of combining static and dynamic testing.
DevSecOps: How to Secure Your DevOps Environment? Best Practices and Tools
DevSecOps integrates security into the DevOps process from the planning stage, enhancing application protection.
Application monitoring - from performance to security
Effective application monitoring is the key to application performance and security. Find out what tools and methods will help you optimize your IT systems.
What is CSP (Content Security Policy) and How Does It Work?
Learn what CSP (Content Security Policy) is, how it works, and why it's an important element of website protection.
Cyber Trends: Ransomware
Learn about the latest cyber trends related to ransomware. Find out how these threats are evolving and what protection strategies are most effective in preventing ransomware attacks on your organization.
RTO and RPO — How to Determine Recovery Objectives for Your Organization
RTO and RPO guide: definitions, tiers (from <1h to 72h), BIA methodology, backup/DR technology mapping, costs, and NIS2/DORA requirements.
Security by Design — Building Security from the Start
Security by Design is an approach where security is an integral part of the system from the earliest design stages — not an add-on implemented after development is complete.
What Is OpenShift? Kubernetes, Container Security, and Enterprise Deployment
OpenShift is Red Hat's Kubernetes-based platform for container management. Learn OpenShift vs Kubernetes differences, security, and use cases.
What is CWE? Guide to Common Weakness Enumeration
CWE (Common Weakness Enumeration) is a catalog of common software weaknesses. Learn about CWE Top 25, the difference between CWE and CVE, and how to use CWE in secure software development.
OWASP Top 10: A Guide to the Top 10 Threats to Web Applications
For more than 20 years, the OWASP Top 10 list has been the most important guidepost for developers and security professionals around the world. This is not a theoretical document, but a ranking of the most serious and common threats based on real data. The latest edition of the list shows a clear tr
Kubernetes security: How to protect K8s clusters and containers from attacks?
Kubernetes has become the de facto operating system for the cloud, offering incredible scalability and flexibility. However, its default configuration is often too open, and the complexity of the architecture creates many potential attack vectors. Securing a K8s cluster is not an option, it's a nece
What is Secure SDLC? - Secure software lifecycle
In the traditional model, security was the brake - the team that said
DevSecOps in practice: How to build security into the application lifecycle, rather than tacking it on at the end?
In the traditional model, security was the brake - the team that said
Office 365 Backup
Learn how to effectively backup Office 365 data. Discover best practices and tools that ensure the security and availability of your cloud data.
Backup that saves production: 3 disaster recovery scenarios for SCADA and PLC systems after an attack
Imagine that, despite the best security measures, a ransomware attack broke through your defenses and encrypted key control systems. Production stalls. Hackers demand a ransom. At this point, your company is faced with two paths: panic and gigantic losses, or calm and methodically launch a recovery
OT Cybersecurity Audit for Water Utilities: The Key to Securing a PLN 1.3M Grant
The
What Is Disaster Recovery? A Complete Guide to Data Recovery Planning for Your Business
Fire in a server room. A paralyzing ransomware attack. A prolonged power outage. Most companies think
What is Kubernetes? A complete guide to managing containers in the cloud
In the modern IT world, containers have revolutionized the way applications are built and deployed. But how do you manage hundreds or thousands of these containers at scale? The answer is Kubernetes. This guide is an in-depth introduction to the de facto standard for container orchestration. Step by
What is DevOps? A complete guide to cultural and technology transformation in IT
Are your development and operations teams working in perpetual conflict, blaming each other for mistakes and delays? It's a
What is DevOps and How to Accelerate Software Delivery with This Work Culture?
For years, developers and administrators were like two warring tribes, separated by a
Dell EMC PowerStore – Revolutionary Storage Array
Discover Dell EMC PowerStore, a revolutionary data storage array. Learn how this innovative solution increases performance and efficiency of data storage. Discover key PowerStore features and benefits for your company.
RidgeBot® in DevSecOps: How to Balance DevOps Speed with CI/CD Security?
Development teams are working under tremendous pressure to deliver new features quickly and efficiently. Incorporating time-consuming, manual security testing into this process is a huge challenge. This article shows how automated penetration testing platforms, such as RidgeBot®, are becoming an
What is SQL Injection? Definition, Operation, Threats, and Protection
Learn about SQL Injection attacks - a technique that enables cybercriminals to manipulate SQL queries to gain unauthorized access to databases. Discover how these attacks work, what threats they pose, and how to effectively protect your applications.
Retesting and Remediation Validation After Pentests: Why and How to Verify Fixes
A pentest report alone doesn't improve security - implementing fixes is what counts. Retests verify whether remediation was effective. Learn how to organize a fix validation process.
Internal Pentest Team vs Outsourcing: Which Option to Choose
You won't avoid the 'build vs buy' dilemma with penetration testing. Learn the arguments for and against an internal team and outsourcing - and discover when each model makes sense.
Veeam Kasten for Kubernetes: Complete Guide to Cloud-Native Data Protection
Veeam Kasten is the #1 Kubernetes data protection platform. Version 8.5 introduces KubeVirt VM protection and AI workload backup. Learn how to protect your cloud-native applications.
What is Infrastructure as Code? - A compendium of knowledge
Learn what IaC is, its benefits, and how it helps automate infrastructure management to increase IT efficiency.
Obfuscation - Code obfuscation - What is it, how does it work and how to detect it?
Learn about obfuscation - a code obfuscation technique, its uses, how it works and how to detect it for security analysis.
Cybersecurity in Software Development - Best Practices
Improve your software security by applying proven cybersecurity practices at every stage of development.
Source Code Audit - What It Is, How It Works, and Why You Should Do It
Learn how source code auditing can help secure your software against cyber threats. Overview of techniques and benefits.
Web Application Penetration Testing - What It Is and How It Works
Learn about the process and benefits of conducting web application penetration testing. Find out how to effectively identify security vulnerabilities.
IBM Instana and Enterprise Cloud Strategy
IBM Instana from nFlo: supporting enterprise cloud strategy. Optimize performance and application monitoring in the cloud.
IBM Instana and DevOps: An Integrated Approach to Monitoring
IBM Instana and DevOps from nFlo: an integrated approach to monitoring. Increase efficiency and control over your IT infrastructure.
IBM Instana: Increasing Application Operational Efficiency and Reducing Downtime
IBM Instana from nFlo: increase application operational efficiency and reduce downtime. Optimize your IT infrastructure.
Digital Transformation with HCL Workload Automation
Digital transformation with HCL Workload Automation from nFlo: automate processes and increase your company's efficiency.
How IBM Global Mirror Works: A Comprehensive Technology Review of Data Replication
Learn about IBM Global Mirror - a comprehensive overview of technology for long-distance data replication, ensuring business continuity and protection against data loss.
What Are Mobile Application Penetration Tests and How Do They Work?
Learn how mobile application penetration tests help identify and eliminate security vulnerabilities. Discover the methods and tools used in these tests.
DevOps Support with RidgeBot
Support your DevOps team with RidgeBot by automating security testing. Learn about the benefits of continuous monitoring and integration with DevOps tools.
IT Automation with Red Hat Ansible Automation Platform
Automate IT management with Red Hat Ansible Automation Platform. Learn how this solution simplifies deployment, configuration management, and operations in IT environments.
Scalability Benefits with Red Hat OpenShift
Red Hat OpenShift is the key to cloud application scalability. Learn how to increase the flexibility and performance of your IT systems with this solution.
Penetration Testing: Definition, Details – Q&A
Learn what penetration testing is and how it can increase your company's security. Get the definition, details, and answers to the most frequently asked questions about penetration testing.
Related Topics
Cloud Security
Cloud security - protecting AWS, Azure and GCP environments
Vulnerability Management
Vulnerability management - identification, prioritization and remediation
Penetration Testing
Pentesting - simulated attacks to identify vulnerabilities
Zero Trust
Zero Trust security model - never trust, always verify