Microsoft Azure DevSecOps: Application Security Principles and Practices Resources

Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. Azure DevOps supports a collaborative culture and set of processes that bring together developers, project managers, and contributors to develop software. It allows organizations to create and improve products at a faster pace than they can with traditional software development approaches.

You can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. For information on the differences between the cloud versus on-premises platforms, see Azure DevOps Services and Azure DevOps Server.

Azure DevOps Portal: https://azure.microsoft.com/en-us/products/devops/

Azure DevOps Tutorial: https://azure.microsoft.com/en-ca/solutions/devops/tutorial/

Introduction

Azure DevOps provides integrated features that you can access through your web browser or IDE client. You can use one or more of the following standalone services based on your business needs:

  • Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code. For more information about Azure Repos, see What is Azure Repos?.
  • Azure Pipelines provides build and release services to support continuous integration and delivery of your applications. For more information about Azure Pipelines, see What is Azure Pipelines?.
  • Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods. For more information about Azure Boards, see What is Azure Boards?.
  • Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing. For more information about Azure Test Plans, see Overview of Azure Test Plans
  • Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines. For more information about Azure Artifacts, see Overview of Azure Artifacts.

Sign Up

Azure DevOps Services

When you sign up for Azure DevOps, you get the following tier of free services:

  • First five users free (Basic license)
  • Azure Pipelines:
    • One Microsoft-hosted CI/CD (one concurrent job, up to 30 hours per month)
    • One self-hosted CI/CD concurrent job
  • Azure Boards: Work item tracking and Kanban boards
  • Azure Repos: Unlimited private Git repos
  • Azure Artifacts: Two GiB free per organization

You can sign up for Azure DevOps with either a Microsoft or GitHub account. 

Tips: https://learn.microsoft.com/en-us/azure/devops/user-guide/sign-up-invite-teammates?view=azure-devops

Practices

Secure development lifecycle practices

Note: https://www.microsoft.com/en-us/securityengineering/devsecops

Practice #1—Provide Training

Practice #2—Define Requirements (Minimum-security baseline)

Practice #3—Define Metrics and Compliance Reporting

Practice #4—Use Software Composition Analysis (SCA) and Governance

Useful links:

Practice #5—Perform Threat Modeling
Practice #6—Use Tools and Automation

Practice #7—Keep Credentials Safe

Practice #8—Use Continuous Learning and Monitoring




No Data Available


Secure DevOps: Application Security Principles and Practices, All Modules

https://mslearningcampus.com/

Links

  • https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • https://www.microsoft.com/en-us/securityengineering/sdl/practices
  • https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=%2FLabs
  • https://www.microsoft.com/en-us/securityengineering/osa/practices
  • https://learn.microsoft.com/en-us/compliance/regulatory/offering-home
  • https://learn.microsoft.com/en-us/security/benchmark/azure/
  • https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=/Labs/Module-3-Application-Security-Principles.md&_a=preview
  • https://owasp.org/www-project-zap/
  • https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
  • https://github.com/azsk/AzTS-docs
  • https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
  • https://www.microsoft.com/en-us/trust-center/compliance/compliance-overview
  • https://mitre-attack.github.io/attack-navigator/
  • https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement
  • https://www.first.org/cvss/calculator/3.0
  • https://learn.microsoft.com/en-us/security/sdl/security-bug-bar-sample

References

  • https://mslearningcampus.com/

版权声明:
作者:zhangchen
链接:https://www.techfm.club/p/40623.html
来源:TechFM
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>