YoVDO

Making Security Approachable for Developers and Operators

Offered By: OWASP Foundation via YouTube

Tags

Conference Talks Courses APIs Courses Data Protection Courses Secret Management Courses Policy-as-Code Courses

Course Description

Overview

Explore a conference talk from AppSecUSA 2018 that addresses the challenge of making security more accessible to developers and operators. Learn how to apply best practices and integrate security into DevOps processes through APIs, secure-by-default platforms, and policy as code. Discover strategies for simplifying complex security concepts, moving beyond the traditional "castle and moat" model, and implementing a zero-trust approach. Gain insights into secret management, data protection, and traffic authentication/authorization. Examine the division of labor between security teams and developers, and understand how to effectively educate practitioners on security principles. Delve into the evolution of security concerns in modern application development and operations.

Syllabus

Intro
Security Mindset
Castle & Moat Security
Castle & Moat Mentality
Network Teams
Operations Teams
Castle & Moat Model
Consider: Network Integrity
Castle & Moat in Practice
Zero Trust Model
Secret Management
Data Protection
Traffic AuthN / Authz
Complexity of Security
Java 7: Cipher Class Documentation
Java Documentation
Path Forward
Splitting the Problems
Platform Layer
Application Middleware
Vault for Cryptographic Offload
Frameworks
Application Logic
Division of Labor
Security Teams
Developer Teams
Practitioner Education
Teaching Security
Traditional Security
Growing Application Concerns


Taught by

OWASP Foundation

Related Courses

Web Development
Udacity
Do-It-Yourself Geo Apps
Esri via Independent
Software Construction: Object-Oriented Design
The University of British Columbia via edX
Full-Text Search with SAP HANA Platform
SAP Learning
Tools for Data Science
IBM via Coursera