What is DevSecOps?

DevSecOps is a development methodolgy that enables rugged software with quality baked in from the start. A key component is security. When following DevSecOps, the application team is passionate about preventing vulnerabilities, improving the development pipeline based on lessons learned, and remediating remaining vulnerabilities before the project is released.

DevSecOps is different. Security is integrated into the project from the moment the project is imagined until the project is sunset. Assessment is performed continuously to identify issues as early as possible in order to minimize costs and disruption. When possible, issues are avoided entirely. Sounds interesting? Check out this 2-part video series explaining the core concepts of DevSecOps.

There are many tools available to test application code and security within the DevOps pipeline. The following tutorials can help you get started.

• Software Composition Analysis (SCA) Tools

• OWASP Zed Attack Proxy (ZAP) Playlist

• Burp-Suite 2 Playlist

• SSL Scan Playlist