DevSecOps Fundamentals

Learn the fundamentals of DevSecOps to understand what it means, why it matters, and how to implement it within your organization. With DevSecOps, one size doesn't fit all, and it's not just a matter of implementing a handful of tools or concepts. It's about understanding what makes sense for your use case and requirements, and what approaches are most relevant. It's also about understanding how to go from zero to the first few steps of implementation, and how to track progress along the way. Regardless of whether you're starting from scratch with a brand new application, or whether you're dealing with a mature product and organization, that's what this course focuses on helping you achieve.

Note that this course is text-only. This means we are not planning on adding video lessons. Please view the "About this course" lesson for more details on this! We do plan on adding more graphics over the coming weeks.

This is a premium course which means Monthly and Yearly memberships have access. This course is not available for individual purchase.

Christophe · June 4, 2023

About the Course

This DevSecOps Fundamentals course will cover each stage of the software development and DevOps lifecycle:

  • Plan
    • Learn the importance and the how-to of getting the entire organization on-board
    • Understand the importance of threat modeling in identifying and mitigating potential security risks
    • Learn how to establish security baselines to ensure a secure development environment
  • Code
    • Explore automated and manual testing techniques to identify vulnerabilities and weaknesses
    • Dive into versioning, Static Application Security Testing (SAST), secrets scanning, Software Composition Analysis (SCA), and more
  • Build
    • Learn about Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) to uncover runtime vulnerabilities
    • Explore container vulnerability scanning to prevent using insecure containerized applications
  • Test
    • Discover and practice using Infrastructure as Code (IaC) scanning and Policy as Code to prevent insecure infrastructure deployments
    • Prevent secrets from leaking out with secrets scanning and management practices
    • Understand the role of vulnerability assessments and penetration testing to identify and address security gaps
  • Release
    • Learn about the best practices for releasing and delivering secure applications
  • Deploy
    • Gain knowledge about application and server hardening to protect against common security threats
    • Learn the fundamentals of encryption and code signing for secure deployments
  • Operate & Monitor
    • Learn how to detect, respond to, and recover from security incidents
    • Explore techniques for effective security monitoring and incident management
  • Measure DevSecOps Maturity
    • Understand the key metrics and indicators to measure your DevSecOps maturity level
    • Set goals and create a roadmap for improving your organization’s security posture without getting overwhelmed

About Instructor


18 Courses

Not Enrolled

Course Includes

  • 34 Lessons