AZ-400: Implement security and validate code bases for compliance
Offered By: Microsoft via Microsoft Learn
Course Description
Overview
- Module 1: Understand security in the Pipeline
- Plan to DevSecOps
- Integrate security tools like WhiteSource, Micro Focus, Checkmarx and Veracode with Azure DevOps
- Implement pipeline security
- Use Secure DevOps kit for Azure (AzSK)
- Module 2: Introduction to Azure Security Center
- Configure Azure Security Center
- Understand Azure policies
- Describe initiatives, resource locks and Azure Blueprints
- Work with Microsoft Defender for Identity
- Module 3: Implement open-source software
- Implement open-source software
- Explain corporate concerns for open-source components
- Describe open-source licenses
- Understand the license implications and ratings
- Module 4: Manage anti-malware and anti-spam policies
- Manage anti-malware and anti-spam policies
- Inspect and validate code bases for compliance
- Implement OWASP Security Coding Practices
- Understand compliance for code bases
- Module 5: Integrate license and vulnerability scans
- Implement security validation
- Work with SonarCloud
- Interpret alerts from scanner tools
- Configure GitHub Dependabot alerts and security
- Module 6: Identify technical debt
- Identify and manage technical debt
- Integrate code quality tools
- Plan code reviews
- Describe complexity and quality metrics
By the end of this module, you'll be able to:
By the end of this module, you'll be able to:
By the end of this module, you'll be able to:
By the end of this module, you'll be able to:
By the end of this module, you'll be able to:
Syllabus
- Module 1: Understand security in the Pipeline
- Introduction
- Understand DevSecOps
- Explore rugged DevOps pipeline
- Explore software composition analysis (SCA)
- Integrate WhiteSource with Azure DevOps pipeline
- Integrate Micro Focus Fortify with Azure Pipelines
- Integrate Checkmarx with Azure DevOps
- Integrate Veracode with Azure DevOps
- Integrate software composition analysis checks into pipelines
- Implement pipeline security
- Secure DevOps kit for Azure (AzSK)
- Knowledge check
- Summary
- Module 2: Introduction to Azure Security Center
- Introduction
- Explore Azure Security Center
- Examine Azure Security Center usage scenarios
- Explore Azure Policy
- Understand policies
- Explore initiatives
- Explore resource locks
- Explore Azure Blueprints
- Understand Microsoft Defender for Identity
- Knowledge check
- Summary
- Module 3: Implement open-source software
- Introduction
- Explore how software is built
- What is open-source software?
- Explore corporate concerns with open-source software components
- Introduction to open-source licenses
- Explore common open-source licenses
- Examine license implications and ratings
- Knowledge check
- Summary
- Module 4: Manage anti-malware and anti-spam policies
- Introduction
- Inspect and validate code bases for compliance
- Plan to implement OWASP Secure Coding Practices
- Knowledge check
- Summary
- Module 5: Integrate license and vulnerability scans
- Introduction
- Implement continuous security validation
- Explore OWASP ZAP penetration test
- Explore OWASP ZAP results and bugs
- Examine tools for assess package security and license rate
- Explore SonarCloud
- Interpret alerts from scanner tools
- Explore CodeQL in GitHub
- Implement GitHub Dependabot alerts and security updates
- Knowledge check
- Summary
- Module 6: Identify technical debt
- Introduction
- Examine code quality
- Examine complexity and quality metrics
- Introduction to technical debt
- Measure and manage technical debt
- Integrate other code quality tools
- Plan effective code reviews
- Knowledge check
- Summary
Tags
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight