ssprkd.io
Courses

🔐 Security & DevSecOps

Ship safer software: shut down the OWASP Top 10, get authn/authz right, manage secrets, harden your supply chain and cloud, and bake security into the SDLC.

0/8
Start: Web app vulns & the OWASP Top 10 →
📊 Assess your Security & DevSecOps level to see exactly which modules to focus on.Assess →
1
Web app vulns & the OWASP Top 10
Shut down the web's most-exploited bugs — SQLi, XSS, broken access control, and SSRF — with the durable fixes attackers can't sidestep.
Free
2
AuthN/AuthZ done right
Sessions vs tokens, OAuth2/OIDC without the pitfalls, airtight JWT validation, and least-privilege authorization enforced on the server.
🔒
3
Secrets management
Keep credentials out of Git and build logs, centralize them in a vault with audit and rotation, and prefer short-lived, dynamically issued creds.
🔒
Chapter review
Chapter 1 review — AppSec, identity & secrets
Lab: Find & fix the access-control and secret-in-repo issues · 10-question check
🔒 Standard
4
Supply-chain security
Inventory dependencies with SBOMs, sign artifacts with cosign, attest builds with SLSA provenance, scan with SCA, and pin sources to defeat confusion attacks.
🔒
5
Cloud & container hardening
Close the gaps attackers hunt for — public buckets, wildcard IAM, IMDS credential theft — and lock down containers: non-root, read-only FS, network policy.
🔒
6
Secure SDLC & threat modeling
Shift security left: threat-model with STRIDE and trust boundaries, wire SAST/DAST/SCA security gates into CI, and know the incident-response basics.
🔒
Chapter review
Chapter 2 review — supply chain, cloud & secure SDLC
Lab: Harden an image, add signing/SBOM, and wire a CI security gate · 10-question check
🔒 Standard
🎓
Final exam
Security & DevSecOps — comprehensive capstone
Hands-on capstone + course-wide exam · scored to a role level
🔒 Professional