
DevSecOps

2026-01-19

When Docker first appeared, it was loved for the slogan: “Build once, run anywhere”. Developers stopped hearing the phrase “it works on my machine, but not on the server.” But along with convenience came a new threat.

A container is not just your application. It’s a whole mini-operating system (OS) with its own libraries, utilities, and system calls. And if you don’t look after that OS, you leave a huge door wide open for hackers.

2026-01-17

Imagine you are building a house. You designed the walls yourself, checked every brick, and made sure you didn’t leave the keys in the lock. But what if the concrete you bought from a third-party supplier starts crumbling over time? Or the finished window frames you installed have hidden defects?

In modern development the situation is exactly the same. The average application today is 80–90% made up of Open Source libraries. You write only a small portion of the code (the tip of the iceberg) that orchestrates a huge mass of someone else’s code hidden “under the water”.

2026-01-15

Have you ever wondered how experienced programmers find bugs in someone else’s code just by looking at it? They look for patterns. They know that if user data goes straight into an SQL query — that’s bad. If a password is compared with a plain == instead of a secure function — that’s a risk.

But a person can’t review 100,000 lines of code without missing something. This is where SAST (Static Application Security Testing) comes in.

2025-08-15

Introduction: From Reactive Defense to Proactive Security

In 2025, attacks on servers are becoming increasingly sophisticated, and reactive measures (firewall, Fail2Ban, CrowdSec) are no longer enough. The modern DevSecOps approach requires proactive hardening—strengthening the system—to minimize the attack surface before public exploits appear.

Lynis remains one of the key open-source security auditing tools for Unix systems, but today it is crucial to complement it with integration into security standards frameworks (CIS, SCAP) and automation in CI/CD pipelines.

2025-07-14

Losing access to the WordPress administrator account can be a real headache. Sometimes, standard password recovery methods (via email) don’t work, especially if:

  • You forgot both your login and password.
  • The site’s mail sending function (wp_mail) is broken.
  • The WordPress admin panel is broken or unavailable.
  • The only access left is to the database (via MySQL client, phpMyAdmin, WP-CLI, etc.).

In this article, we’ll walk through a reliable and secure way to find the WordPress administrator directly in the database and reset their password using SQL. We’ll follow DevSecOps best practices to avoid breaking serialized data and minimize risks.
