From the course: Certificate of Cloud Security Knowledge (CCSK) Cert Prep
Secure coding, continuous build, integration, and testing
- [Instructor] The secure coding phase assures that automated tools replace manual code reviews to identify vulnerabilities. It also means coders are trained to build security into their code rather than bolting security on after deployment. While the CCSK doesn't go deeply into this phase, it is imperative that developers understand and apply secure coding practices as in the OWASP security coding process. Testing can be viewed as happening pre- and post-development. First, let's examine pre-development. A key element of the continuous build phase being accomplished securely is the proper management of secret digital authentication credentials, which include passwords, keys, tokens, and other sensitive materials used by applications. Scanning against sensitive information being exposed and stolen is extremely important. The tools and policies of a secrets management system enable the systemic creation, distribution, rotation, and revocation of access of credentials. Automated…