Learn how Microsoft supports secure software development as part of a cybersecurity solution

Beginner
Administrator
Security Operations Analyst
Security Engineer
Microsoft 365
Azure

Secure software development means integrating security into each phase of your development lifecycle, from requirements analysis to maintenance. Microsoft provides many services that can help you develop more secure code and deploy a more secure application in the cloud.

This learning path provides an overview of the services and offerings available to help you build secure software as part of a cybersecurity solution.

The deadline for agencies to comply with NIST/CISA/OMB guidance on security measures for critical software (including applying practices of least privilege, network segmentation, and proper configuration), per section 4 of the Executive Order on Improving the Nation's Cybersecurity, is August 10, 2021.

The deadline for agencies to comply with the guidance identifying practices that enhance the security of the software supply chain with respect to software procurement, also per section 4, is March 8, 2022.

Prerequisites

None

Modules in this learning path

Learn how to incorporate security into your architecture design, and discover the tools that Azure provides to help you create a secure environment through all the layers of your architecture.

Explore what DevOps is (and isn't) and learn how to get started with Azure DevOps.

Learn to use key GitHub features, including issues, notifications, branches, commits, and pull requests.

In this module, you'll learn best practices for building, hosting, and maintaining a secure repository on GitHub.

Learn how to create security baselines for your Azure services by ensuring that your settings meet the minimum requirements described in CIS Benchmarks for Azure v. 1.3.0.

Your application requires service passwords, connection strings, and other secret configuration values to do its job. Storing and handling secret values is risky, and every usage introduces the possibility of leakage. Azure Key Vault, in combination with managed identities for Azure resources, enables your Azure web app to access secret configuration values easily and securely without needing to store any secrets in your source control or configuration.