Learning Path: DevSecOps
Static Analysis (SAST) and Code Review for DevSecOps
An application is only as secure as the source code it’s built on. That’s the philosophy behind Static Application Security Testing (SAST), which lets security engineers find vulnerabilities in their applications at the source-code level, before the code is built and deployed. This is the heart of Continuous Application Security, and it’s what this course is all about.
In this program, we’ll be going over some of the most common SAST tools, including methods of automating security tooling in a CI/CD pipeline. You’ll spend time rolling out SAST workflows and actually ‘building’ security pipelines that can be integrated into an organization’s DevOps process. Our hands-on labs will even walk you through methods to perform SAST incrementally to boost the efficiency of security testing in your software development lifecycle.
This course is designed to teach you everything you need to know about static application security and how it ties into a sustainable DevOps practice. Our material is backed by years of security testing experience, knowledge, and original research across our entire team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.
Beginner Proficiency
DevSecOps Expert
4 hours
25 lessons
5 Cloud Labs
Course Outline
Introduction
- Course Introduction
- Course Pre-requisites
- Pre-Commit Security
Essential Static Analysis
- SAST Types and Tools
- SAST – Regex and AST
- Good Rules of SAST
- Semantic Grep and QL
Automating Static Analysis
- SAST Automation Approaches