Infusing Security Into the Application Development Process

Nginx via YouTube

Overview

This 43-minute video covers how, when, and why to build security into the application development process. Starting from a Spring framework application, it looks at the realities of consuming open-source dependencies and introduces the Software Bill of Materials (SBOM), showing how to generate and export one with JFrog Artifactory/Xray. It then discusses the "everything as code" approach, vulnerability scanning and why the context of a finding matters (every reported vulnerability versus the ones that actually apply to your build), and what a CVE Numbering Authority (CNA) is. Later segments cover SLSA (Supply Chain Levels for Software Artifacts) as a shared vocabulary, automating SBOM generation, scanning pull requests with Frogbot, securing container images, the risks of always pulling the latest version of a dependency, and adopting a security-minded development approach. The discussion features Melissa McKay from JFrog and Damian Curry from NGINX.

Syllabus

Intro
Recap of what was covered in previous episodes
Introducing the Spring framework
Using open source in your application
Dependencies - https://xkcd.com/2347/
Introducing the Software Bill of Materials (SBOM)
Generating an SBOM in Artifactory/Xray
Exporting an SBOM from Artifactory/Xray
Who should be paying attention to security
Everything as code
How times have changed
Awareness is key
The Leftpad incident
Engineering in software engineering
Choosing components
Involving management in security
Considering security from the beginning
Available resources for vulnerability intel
All vulnerabilities vs applicable vulnerabilities
Importance of context in vulnerability scanning
What is a CVE Numbering Authority (CNA)?
Different flavors of vulnerability research
SLSA - Supply Chain Levels for Software Artifacts
A shared vocabulary
Automating SBOMs
From the developers side
Frogbot: scanning pull requests for vulnerabilities after check-in
Securing your container images
Problems with always using the latest version
Looking into pyrsia.io for software supply chain security
Security-minded development
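
The syllabus items on SBOMs and on "all vulnerabilities vs applicable vulnerabilities" boil down to a matching problem: take the component inventory of a build and keep only the advisories whose package and affected version range actually match it. The following is an added example written for this page; it is not code from the video, from JFrog, or from NGINX. It embeds a constructed CycloneDX-style SBOM with three components and a constructed advisory list with hypothetical IDs (ADV-0001 to ADV-0004, not real CVEs), and it only checks presence and version range, not whether the vulnerable code is reachable, which is the deeper form of context the video discusses.

```python
"""Keep only the advisories that apply to the components in an SBOM.

Added example for this page. The SBOM below is constructed by hand in the
CycloneDX JSON shape; it was not exported from Artifactory/Xray. Advisory IDs
are hypothetical placeholders, not real CVEs.
"""
import json

# Constructed sample SBOM: a Spring application plus one npm package.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.springframework", "name": "spring-core",
         "version": "5.3.20", "purl": "pkg:maven/org.springframework/spring-core@5.3.20"},
        {"type": "library", "group": "org.springframework", "name": "spring-web",
         "version": "5.3.20", "purl": "pkg:maven/org.springframework/spring-web@5.3.20"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
})

# Constructed advisories: [introduced, fixed) half-open version ranges, hypothetical IDs.
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "purl_prefix": "pkg:maven/org.springframework/spring-core",
     "introduced": "5.3.0", "fixed": "5.3.18"},   # fixed before 5.3.20: not applicable
    {"id": "ADV-0002", "purl_prefix": "pkg:maven/org.springframework/spring-web",
     "introduced": "5.3.0", "fixed": "5.3.21"},   # 5.3.20 is inside the range: applicable
    {"id": "ADV-0003", "purl_prefix": "pkg:npm/lodash",
     "introduced": "4.0.0", "fixed": "4.17.21"},  # component not in the SBOM: noise
    {"id": "ADV-0004", "purl_prefix": "pkg:npm/left-pad",
     "introduced": "0.0.0", "fixed": "1.1.3"},    # fixed long before 1.3.0: not applicable
]


def parse_version(version: str) -> tuple:
    """Turn a dotted version into a comparable tuple; non-numeric parts count as 0."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def purl_base(purl: str) -> str:
    """Strip the @version suffix so purls can be matched by package identity."""
    return purl.split("@", 1)[0]


def components_by_purl(sbom_json: str) -> dict:
    """Index SBOM components by version-less purl."""
    sbom = json.loads(sbom_json)
    index = {}
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if purl:
            index[purl_base(purl)] = comp
    return index


def applicable_advisories(sbom_json: str, advisories: list) -> list:
    """Return (advisory id, affected purl, fixed version) for advisories that match."""
    components = components_by_purl(sbom_json)
    hits = []
    for adv in advisories:
        comp = components.get(adv["purl_prefix"])
        if comp is None:
            continue  # package is not in this build, so the finding does not apply
        if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
            hits.append((adv["id"], comp["purl"], adv["fixed"]))
    return hits


if __name__ == "__main__":
    for adv_id, purl, fixed in applicable_advisories(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{adv_id}: {purl} is affected, upgrade to >= {fixed}")
```

Of the four constructed advisories only ADV-0002 survives: two name a version range the build is not in, and one names a package the build does not contain. The version comparison is deliberately simple (numeric dotted versions only); real ecosystems have their own ordering rules, which is one reason to let a scanner such as Xray do the matching and treat this as a model of what it is doing.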

Taught by

NGINX, Inc
