006-OWASP Security Guidelines

DevOps enables rapid application development while security teams follow a traditional way of performing security checks. If security (that is, configuration checks, code analysis, vulnerability scanning, and more) is not adequately automated then it leads to increased security violations and hacking / phishing attacks. Integrating security in the DevOps ethos helps fix flaws earlier in the development process. This course shows you how to apply DevOps security best practices at every stage in your DevOps pipeline. You will learn proven approaches to reducing vulnerability and strengthening your defenses against attack. You will understand using security as code with the intent of making security and compliance consumable as a service. This course explains how DevOps security practices differ from traditional security approaches and provides techniques to embed governance and cybersecurity functions throughout the DevOps workflow. By the end of the course, you will have learned best practices in DevSecOps, the core concepts of secure DevOps, and how security can be integrated into the development pipeline.

Style and Approach

A comprehensive course filled with step-by-step instructions, working examples, and practical insight. We take a web application and use OWASP DevSecOps Studio to show how to embed security verification in various stages of the product development pipeline. The entire course is segmented into small parts, which creates for an immersive learning experience. The different sections focus on one area and help you to decide your pace of learning.