Overview

This course focuses on DevSecOps, integrating security into the software lifecycle. Building and deploying software at scale requires security from the start. Built by the Cyber Skills Academy at Macquarie University, this course provides expertise to embed security into every software development phase. Co-designed with industry, it offers actionable knowledge for developers, engineers, and security professionals. You will learn: • Secure software architecture principles for resilient systems. • Security-aware coding practices, including API, access control, and web vulnerability management. • Application-layer security using static analysis and dependency checks. • CI/CD pipeline hardening with tools like Infrastructure as Code, SLSA, and SBOMs. • Cloud-native security for Azure deployments using containers and Kubernetes. • MLSecOps, addressing machine learning model security within DevSecOps workflows. • Attack surface awareness to anticipate and defend against threats. The course explores real-world tools and frameworks, teaching how to shift security left and build security into every commit, build, and deploy. This course provides skills for secure software delivery, from development to deployment. To succeed, learners should have a basic understanding of software development concepts and familiarity with command-line interfaces.

Syllabus

Development and Operations with Security

Security begins at the start of the software development lifecycle. This module covers DevSecOps principles and how to integrate security into development and operations. Understand core DevSecOps objectives, how modern development impacts security, and the importance of secure design. Learn practices for handling secrets and maintaining version control integrity. By the end, you will embed security into agile and DevOps workflows, ensuring continuous protection.

Secure Software Development

Building secure software requires a security-first approach. This module covers principles and practices to strengthen software resilience, reduce vulnerabilities, and protect user data. Learn techniques for secure coding, implementing access controls, hardening APIs, and ensuring web application security. Real-world scenarios show how security decisions impact risk. By the end, you will integrate security into development practices for trusted software.

Application DevSecOps

Software delivery needs continuous, automated security integrated into the pipeline. This module focuses on application-layer risks and protections within DevSecOps, catching vulnerabilities early. Learn to implement continuous security, manage dependency integrity, and use static application analysis to detect weaknesses. Examine software repository roles in maintaining trust. By the end, you will apply security to every stage of application development to reduce risk and accelerate delivery.

DevSecOps Pipelines

Modern software delivery relies on fast, automated pipelines, with security built-in. This module covers embedding security controls into CI/CD pipelines, making security a continuous, automated part of your process. Examine integrating static scanners and dynamic application security testing (DAST) into workflows. Learn to secure infrastructure using Infrastructure as Code (IaC) practices. Protect the delivery pipeline from code to production. By the end, you will design and operate secure, efficient DevSecOps pipelines.

DevSecOps Cloud Azure

Securing cloud deployments is essential for modern DevSecOps. This module focuses on implementing security controls in Azure environments, with containerized applications and service mesh architectures. Learn to secure containers with Docker, manage orchestration using Kubernetes, and address cloud network security. Understand how DevSecOps principles apply to cloud infrastructure challenges. By the end, you will build and operate secure, scalable cloud environments using DevSecOps practices in Azure.

Threats & Attacks

Cyber threats constantly evolve. This module examines threats and attack vectors targeting modern DevSecOps environments, including those in machine learning (ML) and AI systems. Learn to evaluate security risks across the software delivery lifecycle. Understand AI use within DevSecOps and the field of MLSecOps for securing machine learning models. By the end, you will anticipate, evaluate, and respond to threats, evolving your DevSecOps practices.