Security risks evolve across the software lifecycle.
Where do you test security? What triggers testing? What is the objective at each stage?
These factors directly influence the quality, frequency, and severity of findings.
#SecurityTesting #SoftwareSecurity #DevOps #DevSecOps
1
pull_request_target plus a checkout of fork code is how a lot of these supply chain incidents start: attacker code runs with your secrets in scope. Pin to SHAs all you want - if the publish token sits in that runner, it's already gone. #DevSecOps #SupplyChainSecurity
2
Protect your network from native VLAN mismatch attacks. Learn how to harden trunk ports with a dedicated, unused native VLAN and disable auto-trunking to prevent hopping exploits. Practical Linux security. #DevOps #DevSecOps #developers #sysadmin #networking More: valtersit.com/vault/native-v…
4
Security teams that treat developers as adversaries will lose. Security teams that treat developers as partners and make secure coding easy will win. The shift from gatekeeper to enabler is the most important cultural change in DevSecOps. #DevSecOps
1
For a Senior Cybersecurity Engineer,
it will be good if you have an understanding of the below 50 topics 👇
1. Networking
2. TCP/IP
3. DNS
4. HTTP/HTTPS
5. SSL/TLS
6. Firewalls
7. VPNs
8. IDS
9. IPS
10. SIEM
11. Linux Security
12. Windows Security
13. IAM
14. Active Directory
15. MFA
16. OAuth
17. JWT
18. SSO
19. RBAC
20. Zero Trust
21. Cryptography
22. Symmetric Encryption
23. Asymmetric Encryption
24. Hashing
25. PKI
26. Key Management
27. Secure Coding
28. OWASP Top 10
29. Threat Modeling
30. Vulnerability Assessment
31. Penetration Testing
32. Red Teaming
33. Blue Teaming
34. Incident Response
35. Digital Forensics
36. Malware Analysis
37. Reverse Engineering
38. Cloud Security
39. AWS Security
40. Azure Security
41. Kubernetes Security
42. Container Security
43. DevSecOps
44. Security Automation
45. Threat Intelligence
46. SOC Operations
47. Compliance
48. Risk Management
49. Disaster Recovery
50. Business Continuity
Cybersecurity isn't a tool.
It's an endless mindset.
1
2
9
162
AWS Lambda Tenant Isolation Guide #cloud #platformengineering #sre #devops #devsecops #lambda #aws This is a clip from our recent Ship It Weekly Podcast episode. Visit link in bio to listen to the full episode!
8
🆕【DX Next検定攻略 Vol.10】セキュリティ技術KW15選!
✅ファイアウォール・IDS/IPS・WAF・VPN・EDR
✅CASB・SASE・DevSecOps・XDR
✅AI活用セキュリティなど徹底解説!
📚実話エピソード3本付き
📚Equifax1.47億人漏洩
📚MGMリゾーツ1億ドル被害
📚MOVEit2500社攻撃
🎬youtu.be/TIGT5GsL5B8
#DXNext検定 #セキュリティ技術 #サイバーセキュリティ #NGFW #WAF #EDR #CASB #SASE #DevSecOps #XDR #情報セキュリティ #DX推進
72
HostingJournalist.com retweeted
Chaim Mazal - GitLab -: Chaim Mazal has joined GitLab, the DevSecOps intelligent orchestration platform, as Chief Information Security Officer (CISO). Mazal is in charge of GitLab's worldwide security division, which is in charge of the platform's and… dlvr.it/TT1MQg
1
25
$GTLB — Le thread que personne ne veut écrire.
GitHub, c'est Microsoft avec un abonnement.
GitLab, c'est la souveraineté logicielle de l'entreprise — cloud-neutral, AI-native, et le seul acteur qui couvre l'intégralité du cycle DevSecOps sur un seul control plane.
Les chiffres parlent d'eux-mêmes :
📦 23% de croissance revenus au Q1 FY2027
💰 $146,7M de free cash flow en un seul trimestre
🔒 117% de Net Revenue Retention
🏢 18% de clients >$100K ARR
Ils viennent de tailler 14% des effectifs et de sortir de 22 pays.
Ce n'est pas une faiblesse. C'est de la discipline.
Les marges vont exploser.
Wall Street hésite encore. Moi non.
La machine à cash est lancée. $1B d'ARR franchi. Duo Agent Platform en phase d'accélération.
L'IA ne tue pas GitLab.
Elle fait de GitLab l'infrastructure obligatoire de l'ère agentique.
#GTLB #DevSecOps #AI
77
Elementor: 74 #CVEs, 100% unpatched. Avg #CVSS 5.9, max 8.8. Top weakness: XSS (CWE-79). Trust Score: C. Popular WordPress plugin = huge attack surface. Patch now. #Elementor #WordPress #cybersecurity #InfoSec #stockmarkettrader #DevSecOps More about company: valtersit.com/vendors/elemen…
11
Mattermost ships a new MIT-licensed version every month on the 16th. This self-hosted Go/React platform adds AI, workflow automation, and voice calling for DevSecOps teams.
foursignals.dev/wire/2026-06…
1
#CVE-2026-50085 - Unauthenticated MQTT command injection in #Aqara Board service. #CVSS 8.6. Remote device takeover possible when chained with other flaws. Monitor and isolate affected systems. #infosec #cyber #cybersecurity #devsecops More info: valtersit.com/cve/CVE-2026-5…
35
SuiteCRM 49 CVEs tracked 23 critical/high severity Avg CVSS 7.0 max 10 100% unpatched Trust Score D Top flaws SQL injection (CWE-89) & XSS (CWE-79) Open source CRM needs vigilance #SuiteCRM FREE #infosec #CyberSecurity #investors #hackers #DevSecOps valtersit.com/vendors/suitec…
6
Set up an access VLAN with a descriptive name and assign it directly to an interface. Streamline network segmentation and reduce manual config errors. #devops #devsecops #networking #network #net #Linux #Ubuntu More detailed info: valtersit.com/vault/create-a…
5
#phpmyfaq: 46 #CVEs, 100% unpatched. 18 critical/high, max CVSS 9.8. Top flaws: XSS (CWE-79) & #SQLi (CWE-89). Trust Score: D. Open source ≠ secure. Patch or migrate. #cybersecurity #infosec #devops #linux #devsecops #developers #database Detailed info: valtersit.com/vendors/phpmyf…
9
Chaim Mazal has joined GitLab, the DevSecOps intelligent orchestration platform, as Chief Information Security Officer (CISO). Mazal is in charge of GitLab's worldwide security division, which is in charge of the platform's and the company's overall security. His knowledge of AI and security operations will assist guarantee that GitLab provides the security rigor needed by AI agents, including dealing with new, AI-driven threats. @gitlab
HostingJournalist.com/movers…
17
CVE-2026-50010 - High severity flaw in Netty's X509TrustManager wrapper. SSLEngine discarded in trust checks, potentially enabling MITM attacks. CVSS 7.5 Monitor & mitigate #CVE #Netty #infosec #CyberSecurity #DevSecOps #developers #linux #python FREE LAB valtersit.com/cve/CVE-2026-5…
40