Our release this quarter focuses on two areas:
- DevOps: gaining specialized skills to master tools and optimize a DevOps workstream
- Emerging Challenges: understand how to secure open-source software and privacy data
DevOps
Building upon our DevOps fundamentals courses released earlier this year, these seven new role-based courses are short but hard-hitting modules that enable teams to amass key DevOps skills in automation and security quickly. As an example of the importance of these courses, according to Forrester’s The State of Application Security 2020 report, “the top Docker images all have vulnerabilities — and not just one or two vulnerabilities, but tens or even hundreds”.
New DevOps automation courses:
- Automating CI/CD Pipeline Compliance
- Automating Secure Configuration Management
- Automating Security Updates
- Automated Security Testing
New DevOps Threats & Mitigation courses:
- Identifying Threats to Containers and Data in a DevSecOps Framework
- Securing API Gateways in a DevSecOps Framework
- Orchestrating Secure System and Service Configuration
Emerging Challenges: Privacy Data and Open Source Software
The global impacts of GDPR and CCPA have heightened the need for privacy concerns throughout the SDLC. Though privacy protection is growing in need across all platforms, it is especially relevant in cloud and DevOps environments where the loss of data control and automated data parsing is significant. Fundamentals of Privacy Protection helps teams integrate engineering activities to protect privacy data and rollout improved communication programs.
To meet ongoing demands for feature-rich solutions, organizations continue to rely on open source and 3rd party software. While this accelerates time-to-market, it also introduces unknown risks which are supported by the following data points:
- Estimates from Sonatype and Synopsys indicate that as much as 97% of modern enterprise applications use open-source or 3rd-party libraries with an average of 257 components per application
- Forrester’s The State of Application Security 2020 report (see figure below) indicates that open-source vulnerabilities increased by more than 50% in 2019.
To reduce these risks, Securing the Open Source Supply Chain describes how to implement security controls and ensure update measures are in place to minimize attack surfaces.
What’s coming in October 2020 Release?
In addition to supporting our current catalog, our October 2020 release will feature updates to our C/C++ courses with advanced coding interactions based on feedback derived from the prototype we released earlier this year. In addition to these updates, we will release courses around security browser-based JavaScript/Typescript Applications, the PCI Secure Software Framework, Infrastructure as Code, General Purpose Programming, Cloud Governance/Compliance, OWASP ASVS, and DevSecOps Practices.
Want more detail? Check out our course updates in-depth.