# Secure Development
Software development for the joy of building cool stuff, with a bit of security here and there.
# Pre-reqs
- OWASP Web Top 10
- PortSwigger Web Security Academy
- OWASP API Top 10
# Important
Code should be secured in all states at all times.
- Secure Workstation (clean host to store code)
- Secure Code (secure coding practices while you build)
- Secure CICD Pipeline (securely move the code through different environments)
- Secure Cloud (protect the IaaS and the code while it runs in any cloud env)
For Detection and Response, see Blue Teaming.
# Secure Workstation
- Software
- Configurations
- Secrets Management
- Networking
# Secure Code
- Secure coding practices
- OWASP Top 10/20
- OWASP API Top 10
- OWASP Mobile Top 10
- OWASP SAMM - Software Assurance Maturity Model
# Secure CICD Pipeline
- CIS DevSecOps Benchmarks (GitHub)
# Secure Cloud
- CIS Benchmarks (AWS/Azure/GCP)
- NIST 800-210
# Dev Bad Practices
[coming soon]