DevOps is taking the world by storm, but the often overlooked part is that keeping applications secure is increasingly important. So how do you keep your entire development chain secure and within compliance? This path answers that question by showing you the fundamentals of DevSecOps and keeping your CI/CD pipelines safe while incorporating security best practices into your DevOps lifecycle.

Syllabus

DevSecOps: The Big Picture

Approaching Automated Security Testing in DevSecOps

Performing DevSecOps Automated Security Testing

Integrating Automated Security Testing Tools

Integrating Incident Response into DevSecOps

Enabling Security Governance and Compliance in DevSecOps

Pluralsight: Fundamentals of DevSecOps

ادامه مطلب

In this course, you will learn to reverse engineer. That will allow you to protect intellectual property, find vulnerabilities, and pull apart malware. Join me in making the world a little safer. In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you’ll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.

Syllabus

Using IDA Pro to Reverse Code

Learning x86 and Calling Conventions

Understanding C-to-Assembly and Compiled Structures

Patching a Compiled Binary

Reversing C++

Extending IDA with Scripts

Pluralsight: Security for Hackers and Developers

ادامه مطلب

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customization’s. This skill demonstrates an individual’s ability to install, configure, and manage a Splunk Enterprise Security deployment.

Syllabus

Splunk Enterprise Security: Big Picture

Planning, Deploying, and Configuring Splunk Enterprise Security

Managing Splunk Enterprise Security Data and Dashboards

Designing and Creating Add-ons for Splunk Enterprise Security

Tuning and Creating Correlation Searches in Splunk Enterprise Security

Configuring Threat Intelligence in Splunk Enterprise Security

Pluralsight: Splunk Enterprise Security Administration

ادامه مطلب

Threat Modeling aims to improve security through the practice of identifying threats, attacks vulnerabilities for the purpose of defining countermeasures to prevent or mitigate loss, damage or destruction of an application, system or data.

Syllabus

Threat Modeling Fundamentals

Performing Threat Modeling with the Microsoft Threat Modeling Methodology

Performing Threat Modeling with the OCTAVE Methodology

Performing Threat Modeling with the PASTA Methodology

Threat Modeling with the Microsoft Threat Modeling Tool

Building and Leading an Effective Threat Modeling Program

Pluralsight: Threat Modeling

ادامه مطلب

PHP is one of the most widely-used web programming languages in the world. In this course, you’ll learn to write more secure PHP code. Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you’ll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you’ll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you’ll have the knowledge to anticipate and defend against the major threats against web applications today.

Syllabus

PHP Web Application Security

Input Validation

Cross-site Scripting (XSS)

SQL Injection

State Management

Cross-site Request Forgery (CSRF)

Storing Passwords

Error Handling

Conclusion

Pluralsight: Web Application Security

ادامه مطلب

This skill will teach you a basic understanding and applicability of Zero Trust Architecture (ZTA). The intention of this skill is to help you understand the foundational concepts of Zero Trust Architecture (ZTA), when and how to employ it, as well as understanding the resource implications and related decisions that need to be made. We also cover determining the deployment scenarios and use cases for ZTA, as well as migrating to and maturing associated programs.

Syllabus

Zero Trust Architecture (ZTA): Getting Started

Zero Trust Architecture (ZTA): Strategize and Establish

Zero Trust Architecture (ZTA): Use Case Identification and Implementation

Zero Trust Architecture (ZTA): Migration, Review and Maturation

Pluralsight: Zero Trust Architecture (ZTA)

ادامه مطلب