
Blog


From DevOps to DevSecOps: Practical Lessons from the Trenches

March 9, 2026 13 min read

How a hands-on DevSecOps certification and several real projects – Python tasks, a Django shop, APIs and infrastructure automation – changed the way I think about security.

devsecops security devops automation vault logging

Graylog AI Summary: Daily error and security log summaries via Ollama

March 8, 2026 4 min read

Why a daily LLM digest beats static alerts, and how graylog-ai-summary turns Graylog logs into a short report in Telegram or Slack

devops automation graylog ollama monitoring

vaultsh: CLI Wrapper for HashiCorp Vault

HashiCorp Vault - Part 4
March 8, 2026 4 min read

A standalone CLI wrapper that bundles common Vault admin tasks: OIDC login, session checks, KV read/write, and diagnostics, with native Python menus (arrow keys, shortcuts)

devops vault tooling automation cli

Ansible Vault Password from HashiCorp Vault – Wrapper Script

HashiCorp Vault - Part 3
March 7, 2026 4 min read

How I use a wrapper script to pull the Ansible Vault password from HashiCorp Vault so I don't keep it locally while migrating repos to Vault

devops ansible vault secrets automation

Deploying HashiCorp Vault with Ansible

HashiCorp Vault - Part 2
March 6, 2026 4 min read

How I deploy a Vault instance with Ansible – reproducible, documented, and ready for your first secrets

devops ansible vault automation

What is HashiCorp Vault?

HashiCorp Vault - Part 1
March 6, 2026 5 min read

An introduction to HashiCorp Vault: what it is, what it does, and how the concept of centralised secrets management is meant to work

devops vault secrets security

Bypassing Quotes Filters: String.fromCharCode() to the Rescue

XSS Series - Part 6
December 20, 2025 2 min read

Learn how String.fromCharCode() can bypass filters that remove quotes, and why filtering specific characters isn't enough for XSS protection

security xss web-security ctf string-fromcharcode filter-bypass

Building llmsh: Natural Language Commands for the Terminal

December 19, 2025 6 min read

How I built a zsh plugin that transforms natural language into shell commands using Ollama and fzf, making terminal workflows faster and more intuitive

devops automation terminal zsh llm tooling

Bypassing Parentheses Filters: Template Literals to the Rescue

XSS Series - Part 5
December 19, 2025 3 min read

Learn how JavaScript template literals can bypass filters that remove parentheses, and why filtering specific characters isn't enough for XSS protection

security xss web-security ctf template-literals filter-bypass

Bypassing Filters with JSFuck: When Character Restrictions Aren't Enough

XSS Series - Part 4
December 18, 2025 6 min read

Learn how JSFuck can bypass filters that remove alphanumeric characters, and why simple character filtering is insufficient for XSS protection

security xss web-security ctf jsfuck filter-bypass

Persistent XSS Through APIs: A Practical Analysis

XSS Series - Part 3
December 17, 2025 9 min read

Exploring how persistent XSS vulnerabilities can be exploited through API endpoints and how to prevent them

security xss api injection owasp

Learning XSS Through Practice: Baby Challenge Walkthrough

XSS Series - Part 2
December 16, 2025 8 min read

A beginner-friendly walkthrough of three XSS challenges that teach you exactly what Cross-Site Scripting is and how it works through hands-on practice

security xss web-security ctf learning beginner

Understanding XSS: Cross-Site Scripting Basics

XSS Series - Part 1
December 15, 2025 19 min read

A comprehensive introduction to Cross-Site Scripting (XSS) attacks, covering types, techniques, and defense strategies

security xss web-security owasp javascript

Route Discovery in SPAs: Security Testing with Headless Browsers

November 28, 2025 7 min read

Building a custom tool for discovering hidden routes in Single Page Applications using headless browser automation

security spa reconnaissance selenium automation owasp

Understanding Brute Force Attacks: From Theory to Practice

November 10, 2025 8 min read

A practical guide to brute force attacks, demonstrating exploitation techniques and mitigation strategies using OWASP Juice Shop

security brute-force authentication python owasp

Getting Started with Web Security Testing

July 15, 2025 4 min read

Personal introduction to web security testing and the OWASP Juice Shop learning journey

security learning owasp introduction

© 2026 brsk. All rights reserved.