Best of DevSecOps, December 2025

  1. Article
    OctopusDeploy · 24w

    OWASP Top Ten: 20 years of Application Security

    Twenty years of OWASP Top 10 data shows application security fundamentals haven't improved—the same vulnerabilities persist across new technologies. SQL injection evolved into NoSQL injection, GraphQL manipulation, and now prompt injection. Broken access control remains the top issue. Supply chain attacks emerged as a major threat vector with npm packages and CI/CD pipelines becoming targets. While authentication improved with passkeys, authorization still fails consistently. The article provides practical guidance: shift-left security with runtime monitoring, assume dependency compromise, treat authorization like authentication, and understand that every developer is part of the security team. Leaders must invest in training, tooling, and observability rather than just buying security products.

  2. Article
    Cloud Native Now · 21w

    Best of 2025: Hardening Kubernetes Security with DevSecOps Practices

    Kubernetes security requires a fundamental shift from traditional perimeter-based approaches to DevSecOps practices. The article explores common security pitfalls including misconfigurations, runtime blind spots, and under-secured internal APIs. Key strategies include automation throughout the development lifecycle, policy-as-code enforcement using tools like OPA Gatekeeper, runtime security monitoring, and risk-based vulnerability prioritization. Success depends on cultural transformation with executive support, blameless postmortems, and shared responsibility. Emerging trends like GitOps for security management, eBPF for deeper observability, and AI-enhanced threat detection promise to further strengthen cloud-native security postures.

  3. Article
    roadmap.sh · 23w

    NEW ROADMAP: DevSecOps

    A comprehensive learning roadmap for becoming a DevSecOps expert, covering the essential skills, tools, and practices needed to integrate security into DevOps workflows. The guide provides a structured path from foundational concepts through advanced security automation and implementation strategies.