DevSecOps: Adding Security Testing Tools to Pipelines

Automated security testing can be daunting to start with.
This course will
teach you which tools you can easily implement into your existing CI/CD
pipelines and what results can be expected with each tool.

You want to start implementing automated security tests into your existing CI/CD pipelines. In this course, DevSecOps: Adding Security Testing Tools to Pipelines, you’ll learn to select the right tool for the right job. First, you’ll explore several tools that can detect secrets. Next, you’ll discover how to add static and dynamic application security testing tools to pipelines. Finally, you’ll learn how to perform software composition analysis. When you’re finished with this course, you’ll have the skills and knowledge of automated security testing needed to properly implement automated security testing into pipelines: from automatically detecting secrets in your source code all the way to running scans against a running application.

• Course Overview 1min
• Initializing the Setup for Automated Security Testing 20mins
• Detecting Secrets in Code 15mins
• Performing Dockerfile Linting using Hadolint 7mins
• Performing Static Application Security Testing Using njsscan 6mins
• Performing Static Application Security Testing Using SonarQube 13mins
• Performing Software Composition Analysis Using OWASP Dependency-Check 9mins
• Detecting Vulnerabilities in Third-party Libraries Using Software Bill of Materials and OWASP Dependency-Track 14mins
• Detecting Vulnerabilities in Images Using Trivy 6mins
• Performing Dynamic Application Security Testing Using OWASP ZAP 8mins
• Performing Dynamic Application Security Testing Using Nikto 6mins
• Performing Full Automated Security Testing in a Pipeline 9mins