ssprkd.io
πŸ”Skill assessment Β· 66 questions

Security & DevSecOps skill assessment

Ship fast without shipping holes.

What it covers

AppSec & OWASP

Learn how the common web vulnerabilities actually work so you can spot and prevent them. The OWASP Top 10 is the baseline every engineer should internalize.

Injection / SQLi and parameterized queriesXSS and output encodingCSRF and SSRFBroken access control (authz vs authn)Input validation

Secrets Management

Secrets must never live in code, images, or env where they leak. Master short-lived, centrally-managed, rotated credentials.

Why secrets in env/ARG/layers leakVault and cloud secret managersRotation and short-lived credentialsKMS / envelope encryption

Identity & Access

Get authentication and authorization right: least privilege, correct token validation, and modern federation.

Least privilege; RBAC vs ABACOAuth2 / OIDC flowsJWT validation pitfallsMFA and session management

Network Security

Defend traffic and segment blast radius: encrypt in transit, restrict egress, and assume breach.

TLS / mTLSSecurity groups vs NACLs / firewallsZero trust and segmentationEgress filtering; defense in depth

Supply Chain

Your dependencies and build pipeline are an attack surface. Learn to verify what you ship.

Dependency / SCA scanningSBOM and provenance (SLSA)Image signing (cosign / sigstore)Pinning and typosquatting defense

Cloud Security

Most cloud breaches are misconfigurations. Learn the shared responsibility model and common footguns.

IAM misconfigurationPublic bucket / data exposureSSRF to the metadata service (IMDS)Encryption at rest/in transit; guardrails/SCPs

Secure SDLC

Ready to benchmark your Security & DevSecOps skills?

66 questions Β· about 5 minutes Β· see your level and percentile instantly.

Take the assessment β†’

Explore other assessments