Microsoft Azure DevSecOps: Application Security Principles and Practices Resources - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Friday, March 10, 2023

Microsoft Azure DevSecOps: Application Security Principles and Practices Resources

Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. Azure DevOps supports a collaborative culture and set of processes that bring together developers, project managers, and contributors to develop software. It allows organizations to create and improve products at a faster pace than they can with traditional software development approaches.

You can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. For information on the differences between the cloud versus on-premises platforms, see Azure DevOps Services and Azure DevOps Server.




Azure DevOps Portal: https://azure.microsoft.com/en-us/products/devops/
Azure DevOps Tutorial: https://azure.microsoft.com/en-ca/solutions/devops/tutorial/

Introduction

Azure DevOps provides integrated features that you can access through your web browser or IDE client. You can use one or more of the following standalone services based on your business needs:

  • Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code. For more information about Azure Repos, see What is Azure Repos?.
  • Azure Pipelines provides build and release services to support continuous integration and delivery of your applications. For more information about Azure Pipelines, see What is Azure Pipelines?.
  • Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods. For more information about Azure Boards, see What is Azure Boards?.
  • Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing. For more information about Azure Test Plans, see Overview of Azure Test Plans
  • Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines. For more information about Azure Artifacts, see Overview of Azure Artifacts.



Sign Up


Azure DevOps Services

When you sign up for Azure DevOps, you get the following tier of free services:

  • First five users free (Basic license)
  • Azure Pipelines:
    • One Microsoft-hosted CI/CD (one concurrent job, up to 30 hours per month)
    • One self-hosted CI/CD concurrent job
  • Azure Boards: Work item tracking and Kanban boards
  • Azure Repos: Unlimited private Git repos
  • Azure Artifacts: Two GiB free per organization

You can sign up for Azure DevOps with either a Microsoft or GitHub account. 


Tips: https://learn.microsoft.com/en-us/azure/devops/user-guide/sign-up-invite-teammates?view=azure-devops



Practices

Secure development lifecycle practices



Note: https://www.microsoft.com/en-us/securityengineering/devsecops

Practice #1—Provide Training

Practice #2—Define Requirements (Minimum-security baseline)

Practice #3—Define Metrics and Compliance Reporting

Practice #4—Use Software Composition Analysis (SCA) and Governance

Useful links:

Practice #5—Perform Threat Modeling
Practice #6—Use Tools and Automation

Practice #7—Keep Credentials Safe

Practice #8—Use Continuous Learning and Monitoring




No Data Available







Secure DevOps: Application Security Principles and Practices, All Modules

https://mslearningcampus.com/
Once logged in using your personal account, you can view your current enrolled training:





Links


  • https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • https://www.microsoft.com/en-us/securityengineering/sdl/practices
  • https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=%2FLabs
  • https://www.microsoft.com/en-us/securityengineering/osa/practices
  • https://learn.microsoft.com/en-us/compliance/regulatory/offering-home
  • https://learn.microsoft.com/en-us/security/benchmark/azure/
  • https://dev.azure.com/secureDevOpsDelivery/_git/MyHealthClinicSecDevOps-Public?path=/Labs/Module-3-Application-Security-Principles.md&_a=preview
  • https://owasp.org/www-project-zap/
  • https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
  • https://github.com/azsk/AzTS-docs
  • https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
  • https://www.microsoft.com/en-us/trust-center/compliance/compliance-overview
  • https://mitre-attack.github.io/attack-navigator/
  • https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement
  • https://www.first.org/cvss/calculator/3.0
  • https://learn.microsoft.com/en-us/security/sdl/security-bug-bar-sample



References



  • https://mslearningcampus.com/







No comments:

Post a Comment