{"id":40365,"date":"2021-07-31T00:00:40","date_gmt":"2021-07-31T07:00:40","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/premier-developer\/?p=40365"},"modified":"2021-07-30T12:59:54","modified_gmt":"2021-07-30T19:59:54","slug":"workshop-spotlight-secure-devops-application-security-principles-and-practices","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/premier-developer\/workshop-spotlight-secure-devops-application-security-principles-and-practices\/","title":{"rendered":"Workshop Spotlight: Secure DevOps – Application Security Principles and Practices"},"content":{"rendered":"

Reed Robison<\/a> spotlights the Secure DevOps: Application Security Principles and Practices Workshop.<\/p>\n

\n

Developers juggle so many technologies that it\u2019s incredibly difficult to consider all the security ramifications of the code they build. Almost every customer I work with will say that security is a priority, and most have dedicated security teams that go to great lengths to validate secure infrastructure and architecture. That said, when it comes to applying secure practices in the development of code, very few invest to upskill developers. Security is a partnership of stakeholders, and if you ignore this with developers, it can be a costly oversight. In this post, I want to spotlight a workshop we offer that can help– Secure DevOps: Application Security Principles and Practices.<\/p>\n

Many of the posts on our blog are technical in nature, but from time to time I like to spotlight services and workshops under our Premier and Unified Support relationships that you may not be aware of. Beyond the incident support in these support agreements, there is a large catalog of workshops available to help teams build skills.<\/p>\n

This is a workshop available to Premier and Unified Support customers, so if you are not familiar with those programs, you can learn more here<\/a>. If you just want to drill into more info about some of the topics covered in the workshop, see the Additional Resources<\/em> links at the bottom of this article.<\/p>\n

Let\u2019s look at the Secure DevOps: Application Security Principles and Practices Workshop.<\/strong><\/p>\n

From the syllabus:<\/em><\/p>\n

Secure DevOps: Application Security Principles and Practices is a two-day workshop that focuses on concepts, methodologies, and workflows that have been proven to yield more secure code. In this class, we discuss practices adopted at Microsoft (and other companies) that have facilitated improvements in application security. This workshop takes a hands-on approach to implementing secure design, secure verification, and secure implementation techniques to produce more secure software. Target audience are individuals in a technical role who are involved in building, architecting, testing, and designing secure software. People who manage software development teams and software development processes will also find much of the Security Development Lifecycle and Secure DevOps content helpful. This workshop also has a an optional 1-day add-on that discuss the OWASP Top 10.<\/p>\n

<\/p>\n

The workshop covers 2-3 days in duration and drills into the following areas:<\/p>\n

Module 1: Evolution to Secure DevOps<\/p>\n