The DevSecOps course and preset training plan addresses all five phases of the application lifecycle, including pre-development, development, testing, deployment, and ongoing maintenance. These 26 lessons and articles help development, security, and operations professionals improve their secure coding knowledge and enhance the security of the apps you deliver.

KEY

Lessons: italicized

Articles: bold

Pre-Development:

  • Threat Modeling

  • Commit Hooks

  • IDE Security Plugins

Development:

  • Intro to Git Hooks

  • Security Code Reviews

  • Security Unit Tests

  • Docker Intro

  • Dockerfile Intro

  • Docker Container Hardening

  • Container Size Limiting

Testing:

  • SAST

  • DAST

  • Dependency Management

  • Docker Image Scanning

  • Security Acceptance Testing

  • Kubernetes Static Analyzer

Deployment:

  • Docker Secret Handling

  • Security Smoke Tests

  • Infrastructure as Code

  • Security Configuration Management

  • Server Hardening

  • Secrets Management

Ongoing:

  • Continuous Monitoring

  • Penetration Testing

  • Blameless Postmortems

  • Threat Intelligence

Did this answer your question?