Introduction

  • 1 minute

While a DevOps way of working enables development teams to deploy applications faster, going faster over a cliff doesn't help!

DevOps teams have access to unprecedented infrastructure and scale thanks to the cloud. They can be approached by some of the most nefarious actors on the internet, as they risk the security of their business with every application deployment.

Perimeter-class security is no longer viable in such a distributed environment, so companies must adopt more micro-level security across applications and infrastructure and have multiple lines of defense.

How do you ensure your applications are secure and stay secure with continuous integration and delivery? How can you find and fix security issues early in the process? It begins with practices commonly referred to as DevSecOps.

DevSecOps incorporates the security team and their capabilities into your DevOps practices making security the responsibility of everyone on the team. Security needs to shift from an afterthought to being evaluated at every process step.

Securing applications is a continuous process encompassing secure infrastructure, designing architecture with layered security, continuous security validation, and monitoring attacks.

Screenshot of four-part circle with Infrastructure, app architecture, monitoring, and continuous validation.

Security is everyone's responsibility and needs to be looked at holistically across the application life cycle.

This module introduces DevSecOps concepts, SQL injection attacks, threat modeling, and security for continuous integration.

We'll also see how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.

You'll learn the critical validation points and how to secure your pipeline.

Learning objectives

After completing this module, students and professionals can:

  • Identify SQL injection attack.
  • Understand DevSecOps.
  • Implement pipeline security.
  • Understand threat modeling.

Prerequisites

  • Understanding of what DevOps is and its concepts.
  • Familiarity with version control principles is helpful but isn't necessary.
  • Beneficial to have experience in an organization that delivers software.