In this course, you will learn what threat modeling is and how to apply STRIDE to identify potential threats in your applications. You are also going to learn to identify the risks and estimate the cost and time needed to mitigate them.

In this course, you will learn the basics of Azure DevOps and implement your DevOps workflow in the hands-on lab. You will also learn how to make a secure connection to other Azure services from your pipeline and how to create an automated CI/CD pipeline.

At the end of this course, you will know how to apply basic principles of secrets management for your applications. You will also learn how to store & manage your application secrets in a safe way by using the open-source tool HashiCorp Vault.

This course teaches you to efficiently handle AWS S3 buckets and their vulnerabilities - which are, according to many experts, one of the top AWS cloud risks. At the end of this course, you will know how to secure AWS S3 buckets using Terraform, s3tk, Checkov, and the AWS CLI.

At the end of this course, you will know what static application security testing (SAST) means and how to integrate tools to find vulnerabilities automatically. You will also learn how to integrate a SAST scan tool into a Gitlab CI/CD workflow, and how to detect, exploit, and patch common PHP vulnerabilities.

In this course, you will learn how to automate compliance as code. You will also develop an understanding of how compliance as code can be enforced on your infrastructure as code scripts (IaC) to prevent common mistakes from development teams.

This course will teach you how to perform security scans in a running web application. You will deploy the website and then run the scans using OWASP ZAP. You will also get to fix the vulnerabilities present in the source code and generate reports for further analysis.

This course teaches you how to define runtime rules for your containers running on Kubernetes. You will also learn how to set up an open-source container runtime security tool called Falco and a Kibana dashboard to monitor your containers against these rulesets.

Imagine running critical workloads on Azure infrastructure and having to continuously assure your team that the Terraform scripts spinning up Azure resources adhere to your company's security policies. Learn how to automatically validate infrastructure as code before deployment with OPA to avoid non-compliance.