- Learn DevSecOps principles to integrate security throughout your development lifecycle. Understand common vulnerabilities like SQL injection, implement continuous security validation in pipelines, conduct threat modeling, and use tools like GitHub CodeQL for automated security analysis.
By the end of this module, you'll be able to:
- Identify and understand SQL injection attacks and their impact on application security.
- Explain DevSecOps principles and how security integrates throughout the development lifecycle.
- Implement security validation at key points in your DevOps pipeline.
- Conduct threat modeling to identify and prioritize security risks.
- Use GitHub CodeQL for automated security analysis and vulnerability detection.
- Learn how to implement open-source software securely, understand licensing implications, evaluate corporate concerns, and manage open-source components in enterprise environments.
By the end of this module, you're able to:
Understand how modern software is built using open-source components and the benefits they provide.
Explain corporate concerns about open-source software including security vulnerabilities, license compliance, and supply chain risks.
Describe common open-source licenses including MIT, Apache, GPL, BSD, and their key characteristics.
Evaluate license implications for commercial software development and understand license compatibility.
Implement strategies for managing open-source components including inventory management, vulnerability scanning, and license compliance.
- Learn Software Composition Analysis (SCA) to detect vulnerabilities and license compliance issues in open-source dependencies, implement GitHub Dependabot, integrate scanning tools into pipelines, and automate container security scanning.
By the end of this module, you are able to:
Understand Software Composition Analysis (SCA) and why it's essential for managing open-source dependencies securely.
Inspect and validate code bases for license compliance and security vulnerabilities using automated tools.
Implement GitHub Dependabot to automatically detect vulnerable dependencies and create pull requests for security updates.
Integrate Software Composition Analysis checks into Azure Pipelines to scan dependencies during build and deployment processes.
Examine and configure SCA tools including Mend (WhiteSource), Snyk, OWASP Dependency-Check, and Azure Artifacts upstream sources.
Automate container image scanning to detect vulnerabilities in base images and application dependencies.
Interpret alerts from scanning tools and prioritize remediation based on severity, exploitability, and business impact.
- Learn security monitoring and governance with Microsoft Defender for Cloud, Azure Policy, resource locks, Microsoft Defender for Identity, and GitHub Advanced Security integration for comprehensive DevSecOps protection.
By the end of this module, you're able to:
Implement pipeline security best practices and secure DevOps workflows.
Configure Microsoft Defender for Cloud for threat protection and compliance monitoring.
Create and manage Azure policies for governance and compliance enforcement.
Understand policy initiatives, resource locks, and governance frameworks.
Deploy Microsoft Defender for Identity threat detection.
Integrate GitHub Advanced Security with Microsoft Defender for Cloud.
Configure GitHub Advanced Security features including code scanning, secret scanning, and dependency scanning.
