AZ-400: Implement security and validate code bases for compliance

• Plan to DevSecOps
• Integrate security tools like WhiteSource, Micro Focus, Checkmarx and Veracode with Azure DevOps
• Implement pipeline security
• Use Secure DevOps kit for Azure (AzSK)

By the end of this module, you'll be able to:

• Configure Azure Security Center
• Understand Azure policies
• Describe initiatives, resource locks and Azure Blueprints
• Work with Microsoft Defender for Identity

By the end of this module, you'll be able to:

• Implement open-source software
• Explain corporate concerns for open-source components
• Describe open-source licenses
• Understand the license implications and ratings

By the end of this module, you'll be able to:

• Manage anti-malware and anti-spam policies
• Inspect and validate code bases for compliance
• Implement OWASP Security Coding Practices
• Understand compliance for code bases

By the end of this module, you'll be able to:

• Implement security validation
• Work with SonarCloud
• Interpret alerts from scanner tools
• Configure GitHub Dependabot alerts and security

By the end of this module, you'll be able to:

• Identify and manage technical debt
• Integrate code quality tools
• Plan code reviews
• Describe complexity and quality metrics

• Introduction
• Understand DevSecOps
• Explore rugged DevOps pipeline
• Explore software composition analysis (SCA)
• Integrate WhiteSource with Azure DevOps pipeline
• Integrate Micro Focus Fortify with Azure Pipelines
• Integrate Checkmarx with Azure DevOps
• Integrate Veracode with Azure DevOps
• Integrate software composition analysis checks into pipelines
• Implement pipeline security
• Secure DevOps kit for Azure (AzSK)
• Knowledge check
• Summary

• Introduction
• Explore Azure Security Center
• Examine Azure Security Center usage scenarios
• Explore Azure Policy
• Understand policies
• Explore initiatives
• Explore resource locks
• Explore Azure Blueprints
• Understand Microsoft Defender for Identity
• Knowledge check
• Summary

• Introduction
• Explore how software is built
• What is open-source software?
• Explore corporate concerns with open-source software components
• Introduction to open-source licenses
• Explore common open-source licenses
• Examine license implications and ratings
• Knowledge check
• Summary

• Introduction
• Inspect and validate code bases for compliance
• Plan to implement OWASP Secure Coding Practices
• Knowledge check
• Summary

• Introduction
• Implement continuous security validation
• Explore OWASP ZAP penetration test
• Explore OWASP ZAP results and bugs
• Examine tools for assess package security and license rate
• Explore SonarCloud
• Interpret alerts from scanner tools
• Explore CodeQL in GitHub
• Implement GitHub Dependabot alerts and security updates
• Knowledge check
• Summary

• Introduction
• Examine code quality
• Examine complexity and quality metrics
• Introduction to technical debt
• Measure and manage technical debt
• Integrate other code quality tools
• Plan effective code reviews
• Knowledge check
• Summary