Awesome DevSecOps – A Comprehensive Guide To Resources And Tooling
DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.
Contributions welcome. Add links through pull requests or create an issue to start a discussion.
Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.
Communities
MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.
Conferences
AppSec Day – OWASP – An Australian application security conference run by OWASP.
DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.
Newsletters
Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.
Podcasts
Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.