Foundational: DevSecOps

Foundational principles of application security for DevSecOps engineers. (Video Only)

Total Learning Path Duration: 4 hours and 11 minutes

Introduction to Security Journey

Introduction to Security

Core Security Concepts

Security Culture and Mindset

Data Breaches

Security Business Case

Prioritizing Security

Translating Security

Risk Managment for AppSec

Privacy and Customer Data Protection

Dealing with Vulnerabilities

Security at Home

Tips for Secure Remote Work

OWASP Universe

Knowledge Sources

Security Requirements

Secure Development Lifecycle

Six Foundational Truths of Application Security

Intermediate: DevSecOps

In-depth exploration of threat modeling, threats, security controls, and testing tools (Video + Hands On)

Total Learning Path Duration: 5 hours 1 minute

Security Requirements

Threat Modeling Basics

Threat Modeling Process

Threat Modeling Examples

Threat Modeling Manifesto

Threat Modeling (HackEDU)

Authentication Theory

Authorization Theory

Cryptography

Software Supply Chain

AppSec in an Agile World | Part 1

AppSec in an Agile World | Part 2

AppSec in a DevOps World

Security Behaviors for DevOps

Static Application Security Testing (SAST)

Static Application Security Testing (SAST) (HackEDU)

Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) (HackEDU)

Vulnerability Scanning

Next Generation AppSec Tools

Advanced: DevSecOps

Understand secure design, how to secure the environment, repository, and release, then deep dive into the fundamentals of DevSecOps and the DevSecOps Maturity Model. (Video + Hands On)

Total Learning Path Duration: 5 hours 33 minutes

Intro to Secure Development

Designing a Secure App or Product

Secure Design Principles in Action: Part 1

Secure Design Principles in Action: Part 2

Securing the Development Environment

Protecting your Code Repository

Secure the Release

Introduction to DevOps

DevSecOps: DevOps Security Myths

DevDecOps Fails Part 1

DevSecOps Fails Part 2

DevSecOps Maturity Model Overview

DevSecOps Maturity Model Build - Deployment

Commit Hooks (HackEDU)

DevSecOps Maturity Model - Culture - Organization

Security Unit Testing (HackEDU)

DevSecOps Maturity Model Implementation - Information Gathering Part 1

Dependency Managment (HackEDU)

DevSecOps Maturity Model Implementation - Information Gathering Part 2

Continuous Monitoring (HackEdu)

DevSecOps Reference Architecture

Advanced: Docker/Kubernetes (DevSecOps)

Understand the threat landscape around docker containers and best practices for secure images, then discover how to secure Kubernetes through secure policies and best practices. (Video + Hands On)

Total Learning Path Duration: 5 hours 20 minutes

Docker: Intro to Docker Security

Docker Introduction (HackEDU)

Dockerfile Introduction (HackEDU)

Docker: Threat Landscape Part One

Docker: Threat Landscape Part Two

Docker Secret Handling (HackEDU)

Docker: Secure Software Supply Chain Part One

Docker: Secure Software Supply Chain Part Two

Docker: Best Practices - Engines

Docker Container Hardening (HackEDU)

Docker: Best Practices - Images

Docker Image Scanning (HackEDU)

Docker: Attack Surface

Docker Container Isolation

Docker Resiliency

Docker Resources

Kubernetes: Introduction to Security

Kubernetes: Attack Surface

Kubernetes: Threat Landscape

Kubernetes: Network Policy

Kubernetes: Pod Security Policy

Kubernetes Static Analyzer (HackEDU)

Kubernetes: Role Based Access Control (RBAC)

Kubernetes: Best Practices, Part One

Kubernetes: Best Practices, Part Two

Kubernetes: Best Practices, Part Three

Advanced: Infrastructure as Code (DevSecOps)

Discover advanced testing techniques, secure development, and architecture, then deep dive into specific topics for IaC to include the threat landscape, secure configurations, secure storage, and best practices. (Video Only)

Total Learning Path Duration: 4 hours 58 minutes

Vulnerability Scanning

Next Generation AppSec Tools

Intro to Secure Development

Designing a Secure App or Product

Secure Design Principles in Action: Part 1

Secure Design Principles in Action: Part 2

Intro to Secure Coding

Producing Clean, Maintainable, and Secure Code

Secure Coding Best Practices: Part 1

Secure Coding Best Practices: Part 2

Secure Code Review | Part 1

Secure Code Review | Part 2

Securing the Development Environment

Protecting your Code Repository

Secure the Release

Introduction to Infrastructure as Code

IaC Security Tips

IaC Threat Landscape

Secure Configuration with IaC

IaC Security Principles

Infrastructure as Code (HackEDU)

IaC Secure Storage

IaC Security Best Practices | Part 1

IaC Security Best Practices | Part 2

Advanced: Terraform (DevSecOps)

Discover advanced testing techniques, secure development, and architecture, then deep dive into the fundamentals of IaC before learning about Terraform's best practices, secure modules, state, secrets, and security tools. (Video + Hands On)

Total Learning Path Duration: 5 hours 7 minutes

Vulnerability Scanning

Next Generation AppSec Tools

Intro to Secure Development

Designing a Secure App or Product

Secure Design Principles in Action: Part 1

Secure Design Principles in Action: Part 2

Securing the Development Environment

Protecting your Code Repository

Secure the Release

Introduction to Infrastructure as Code

IaC Security Tips

IaC Threat Landscape

Secure Configuration with IaC

IaC Security Principles

IaC Secure Storage

IaC Security Best Practices | Part 1

IaC Security Best Practices | Part 2

Infrastructure as Code (HackEDU)

Introduction to Terraform Security

Terraform Best Practices

Secure Terraform Modules

Securing Terraform State

Terraform Secrets

Leveraging Terraform Tools for Security