The DevSecOps course and preset training plan addresses all five phases of the application lifecycle, including pre-development, development, testing, deployment, and ongoing maintenance. These 26 lessons and articles help development, security, and operations professionals improve their secure coding knowledge and enhance the security of the apps you deliver.
KEYLessons: italicized Articles: bold |
Pre-Development:
Threat Modeling
Commit Hooks
IDE Security Plugins
Development:
Intro to Git Hooks
Security Code Reviews
Security Unit Tests
Docker Intro
Dockerfile Intro
Docker Container Hardening
Container Size Limiting
Testing:
SAST
DAST
Dependency Management
Docker Image Scanning
Security Acceptance Testing
Kubernetes Static Analyzer
Deployment:
Docker Secret Handling
Security Smoke Tests
Infrastructure as Code
Security Configuration Management
Server Hardening
Secrets Management
Ongoing:
Continuous Monitoring
Penetration Testing
Blameless Postmortems
Threat Intelligence