DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Contents

  • Resources
    • Articles
    • Books
    • Communities
    • Conferences
    • Newsletters
    • Podcasts
    • Secure Development Guidelines
    • Secure Development Lifecycle Framework
    • Toolchains
    • Training
    • Wikis
  • Tools
    • Dependency Management
    • Dynamic Analysis
    • Infrastructure as Code Analysis
    • Intentionally Vulnerable Applications
    • Monitoring
    • Secrets Management
    • Secrets Scanning
    • Static Analysis
    • Supply Chain Security
    • Threat Modelling
  • Related Lists

Resources

Articles

Books

  • Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.

Communities

  • MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.

Conferences

  • AppSec Day – OWASP – An Australian application security conference run by OWASP.
  • DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.

Newsletters

  • Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.

Podcasts

  • Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
  • Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
  • BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
  • DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
  • The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.

For more information click here.

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *