This course will teach you how to implement secure development practices and automated security testing into your Azure DevOps Pipelines. You'll learn to integrate code scanning, penetration testing, and secret management into Pipelines.
It's no longer acceptable to just perform security testing at the end of long development cycles. With modern DevOps practices, frequent production releases are normal, so an approach is needed to automate security testing in the CI/CD process. In this course, Microsoft Azure DevOps Engineer: Implement a Secure and Compliant Development Process, you'll learn how to implement secure development practices in your Azure DevOps Pipelines. First, you'll learn how to integrate automated code scanning in your pipelines to detect coding errors that could cause security vulnerabilities. Next, you'll discover how to implement tasks to detect vulnerabilities in open source libraries your code uses. Then, you'll explore how to automatically conduct a penetration test when your application is deployed to a test environment. Finally, you'll learn how to properly handle application secrets like database passwords or certificates in your deployment process. When you're finished with this course, you'll have the skills and knowledge needed to integrate secure development practices into your Azure DevOps Pipelines.
Neil is a solutions architect and developer, with a passion for web development, architecture, and security. He has worked in large and small IT organizations, written articles on development, and spoken at local .NET user groups. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.
Course Overview Hi everyone. My name is Neil Morrissey, and welcome to my course, Azure DevOps Engineer: Implement a Secure and Compliant Development Process. I'm a solutions architect specializing in cloud technologies. It used to be that security testing was something done after all the development was complete before the application was deployed. If issues were found, it could slow down the whole project, so security was often overlooked for the sake of time to market. Bolting on security testing at the end of the project might've worked when development cycles lasted months or years, but nowadays with DevOps, we're deploying production code more often, so our security testing practices need to evolve too. In this course, you're going to learn how to implement secure development practices in your Azure DevOps pipelines so you can run security tests during continuous integration builds and continuous deployment releases. Some of the major topics we'll cover include integrating code quality tests into your pipelines to detect coding errors that could cause security vulnerabilities, running a tool during builds that can detect vulnerabilities in open-source libraries that your code uses, automatically conducting penetration testing when your application is deployed to a test environment, and how to properly handle application secrets like database passwords or certificates in your deployment process. By the end of this course, you'll know how to make security testing a part of your CI/CD pipeline. Before beginning this course, you should be familiar with Azure DevOps repos and pipelines, so I hope you'll join me on this journey to learn secure development practices with this course, Azure DevOps Engineer: Implement a Secure and Compliant Development process here, at Pluralsight.