What is this session about?

Today IT security is not something we care about after the system has been released but instead we must build security into our products and processes. We need to think about security when we write code to avoid exposing attack surfaces, we need to carefully assess the modules we base our solutions on and we need to make sure we continuously inspect the result of the security analysis.

Last time we looked at the software development lifecycle and how we can automate the process using Azure DevOps and GitHub. This time we are going to extend the process to include security practices to limit the risk of introducing vulnerabilities in the product we build and release.
If you have missed the previous session, you can view it HERE

The topics covered are:

What is DevSecOps?
Secure development practices
Static code scanning for vulnerabilities using GitHub
Dynamic security analysis using OWASP