Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Macquarie University

DevSecOps

Macquarie University via Coursera

Go to class Write review

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
DevSecOps | Securing the Software Lifecycle In today’s fast-paced digital economy, the need to build and deploy software at scale has never been greater—but speed without security is a recipe for risk. That’s why DevSecOps is no longer optional—it’s essential. Security That Scales With Your Code This course, built by the Cyber Skills Academy at Macquarie University, a top 1% university globally and Australia’s leading cyber security school, delivers the expertise needed to embed security into every phase of the software development lifecycle. Co-designed with industry to reflect current and emerging best practices, this course is packed with actionable knowledge for developers, engineers, and security professionals. You’ll gain deep, practical insight into: • Secure-by-design software architecture, including the principles that shape resilient systems from day one. • Security-aware coding practices, including how to manage APIs, access controls, and web vulnerabilities. • Application-layer security, leveraging static analysis and dependency checks to detect flaws early. • CI/CD pipeline hardening, with tools and practices that automate trust—from infrastructure as code to SLSA and SBOMs. • Cloud-native security, using containers, Kubernetes, and service mesh solutions to build robust Azure deployments. • MLSecOps, where the challenges of securing machine learning models meet modern DevSecOps workflows. • Attack surface awareness, equipping you to think like an attacker and defend accordingly. Throughout the course, you’ll explore real-world tools and frameworks, learn how to shift security left, and build security into every commit, build, and deploy. Build Fast, Deploy Secure Whether you’re a developer aiming to level up your security game, or a security specialist stepping into DevOps environments, this course will give you the skills to lead in secure software delivery—from development through to deployment and beyond.

Syllabus

  • Development and Operations with Security
    • Security must start at the very beginning of the software development lifecycle. In this topic, you’ll explore the foundational principles of DevSecOps and learn how to integrate security thinking into every phase of development and operations. You’ll gain an understanding of the core objectives of DevSecOps, how modern development methodologies and tools impact security, and the importance of secure design practices from day one. The topic also covers critical practices like handling secrets securely and maintaining integrity in version control systems. By the end of this topic, you’ll have a clear grasp of how to embed security into agile and DevOps workflows—ensuring that protection isn’t an afterthought, but a continuous and collaborative part of delivering software.
  • Secure Software Development
    • Building secure software requires more than just writing functional code—it demands a security-first mindset at every step of development. In this topic, you’ll dive into the principles and practices that strengthen software resilience, reduce vulnerabilities, and safeguard user data. You’ll explore essential techniques for secure coding, from implementing effective access controls and hardening APIs, to ensuring robust web application security. Real-world development scenarios will highlight how poor security decisions introduce risk—and how best practices can prevent them. By the end of this topic, you’ll understand how to weave security into your development practices, making it a natural and non-negotiable part of delivering trusted, high-integrity software.
  • Application Aspects of DevSecOps
    • In the fast-paced world of software delivery, security must be continuous, automated, and deeply integrated into the development pipeline. This topic focuses on the application-layer risks and protections within the DevSecOps workflow—ensuring vulnerabilities are caught early and often. You’ll explore how to implement continuous security, manage dependency integrity, and use static application analysis to detect weaknesses before code reaches production. The topic also examines the role of software repositories in maintaining trust and control across application components. By the end of this topic, you’ll understand how to shift security left—embedding it into every stage of application development to reduce risk and accelerate delivery.
  • DevSecOps in Pipelines
    • Modern software delivery relies on fast, automated pipelines—but speed must not come at the cost of security. This topic explores how to embed robust security controls into CI/CD pipelines, ensuring that security is a continuous, automated part of your build and deployment process. You’ll examine how tools like static scanners and dynamic application security testing (DAST) can be integrated into development workflows, and how to secure infrastructure using Infrastructure as Code (IaC) practices. Whether deploying to cloud or on-prem environments, you’ll learn how to protect the entire delivery pipeline from code to production. By the end of this topic, you’ll be equipped to design and operate secure, efficient DevSecOps pipelines that support rapid deployment without compromising on security.
  • DevSecOps in Cloud Environment (based on Azure)
    • As cloud-native architectures become the norm, securing deployments in the cloud is essential for any modern DevSecOps strategy. This topic focuses on implementing security controls in Azure-based environments, with a strong emphasis on containerised applications and service mesh architectures. You’ll explore how to secure containers with Docker, manage application orchestration using Kubernetes, and address key aspects of cloud network security. The topic also examines how DevSecOps principles apply to the unique challenges of cloud infrastructure and dynamic workloads. By the end of this topic, you'll understand how to build and operate secure, scalable, and resilient cloud environments using DevSecOps best practices in Azure.
  • Threats and Attacks
    • Even with secure pipelines and best practices in place, cyber threats are constantly evolving. In this final topic, you’ll examine the landscape of threats and attack vectors targeting modern DevSecOps environments—including those emerging in machine learning (ML) and AI-driven systems. You’ll learn how to evaluate security risks across the software delivery lifecycle, understand how AI is being used within DevSecOps, and explore the growing field of MLSecOps—the practice of securing machine learning models in production. By the end of this topic, you’ll be equipped to anticipate, evaluate, and respond to complex threats—ensuring your DevSecOps practices evolve alongside the technologies and risks shaping the future of software security.

Taught by

Matt Bushby

Tags

Reviews

Start your review of DevSecOps

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.