
Infusing Security Into the Application Development Process

Offered By: Nginx via YouTube

Tags

- Application Security (AppSec) Courses
- DevOps Courses
- Vulnerability Scanning Courses
- Software Supply Chain Security Courses
- Container Security Courses
- Software Bill of Materials (SBOM) Courses

Course Description

Overview

Explore a comprehensive 43-minute video on infusing security into the application development process. Dive into various aspects of how, when, and why to incorporate security measures in software development. Learn about the Spring framework, open-source usage, and the importance of a Software Bill of Materials (SBOM). Discover tools like Artifactory/Xray for generating and exporting SBOMs. Understand the significance of the "everything as code" approach, vulnerability scanning, and the role of Certified Naming Authorities (CNA). Explore concepts such as SLSA (Supply Chain Levels for Software Artifacts) and automated security tools like FrogBot. Gain insights on securing container images, managing dependencies, and adopting a security-minded development approach. This informative discussion features Melissa McKay from JFrog and Damian Curry from NGINX, offering valuable lessons for modern application development.

Syllabus

Intro
Recap of what was covered in previous episodes
Introducing the Spring framework
Using open source in your application
Dependencies - https://xkcd.com/2347/
Introducing the Software Bill of Materials SBOM
Generating an SBOM in Artifactory/Xray
Exporting an SBOM from Artifactory/Xray
Who should be paying attention to security
Everything as code
How times have changed
Awareness is key
The Leftpad incident
Engineering in software engineering
Choosing components
Involving management in security
Considering security from the beginning
Available resources for vulnerability intel
All vulnerabilities vs applicable vulnerabilities
Importance of context in vulnerability scanning
What is a Certified Naming Authority (CNA)?
Different flavors of vulnerability research
SLSA - Supply Chain Levels for Software Artifacts
A shared vocabulary
Automating SBOMs
From the developer's side
FrogBot: scan pull requests for vulnerabilities after check-in
Securing your container images
Problems with always using the latest version
Looking into pyrsia.io for software supply chain security
Security-minded development


Taught by

NGINX, Inc
