DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
Contents
- Resources
  - Articles
  - Books
  - Communities
  - Conferences
  - Newsletters
  - Podcasts
  - Secure Development Guidelines
  - Secure Development Lifecycle Framework
  - Toolchains
  - Training
  - Wikis
- Tools
  - Dependency Management
  - Dynamic Analysis
  - Infrastructure as Code Analysis
  - Intentionally Vulnerable Applications
  - Monitoring
  - Secrets Management
  - Secrets Scanning
  - Static Analysis
  - Supply Chain Security
  - Threat Modelling
- Related Lists
Resources
Articles
- Our Approach to Employee Security Training – PagerDuty – Guidelines for running security training within an organisation.
Books
- Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.
Communities
- MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.
Conferences
- AppSec Day – OWASP – An Australian application security conference run by OWASP.
- DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.
Newsletters
- Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.
Podcasts
- Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
- Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
- BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
- DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
- The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.