🔐 Security & DevSecOps
Ship safer software: shut down the OWASP Top 10, get authn/authz right, manage secrets, harden your supply chain and cloud, and bake security into the SDLC.
0/8
1Free2🔒3🔒★🔒 Standard4🔒5🔒6🔒★🔒 Standard🎓🔒 Professional
Web app vulns & the OWASP Top 10
Shut down the web's most-exploited bugs — SQLi, XSS, broken access control, and SSRF — with the durable fixes attackers can't sidestep.
AuthN/AuthZ done right
Sessions vs tokens, OAuth2/OIDC without the pitfalls, airtight JWT validation, and least-privilege authorization enforced on the server.
Secrets management
Keep credentials out of Git and build logs, centralize them in a vault with audit and rotation, and prefer short-lived, dynamically issued creds.
Chapter review
Chapter 1 review — AppSec, identity & secrets
Lab: Find & fix the access-control and secret-in-repo issues · 10-question check
Supply-chain security
Inventory dependencies with SBOMs, sign artifacts with cosign, attest builds with SLSA provenance, scan with SCA, and pin sources to defeat confusion attacks.
Cloud & container hardening
Close the gaps attackers hunt for — public buckets, wildcard IAM, IMDS credential theft — and lock down containers: non-root, read-only FS, network policy.
Secure SDLC & threat modeling
Shift security left: threat-model with STRIDE and trust boundaries, wire SAST/DAST/SCA security gates into CI, and know the incident-response basics.
Chapter review
Chapter 2 review — supply chain, cloud & secure SDLC
Lab: Harden an image, add signing/SBOM, and wire a CI security gate · 10-question check
Final exam
Security & DevSecOps — comprehensive capstone
Hands-on capstone + course-wide exam · scored to a role level