From the course: Application Security Posture Management: Security from the Supply Chain to Cloud Runtime
Challenges with securing code
- [Presenter] For security engineers like us, hopping into a new code repository can be overwhelming. First, it's important to remember that you can't be an expert on every single technology, every single coding language that exists or has ever existed. Because of that, don't worry when you go into your developers' repositories and something doesn't immediately make sense to you. That being said, there are some general categories of files that are helpful to know so that even when approaching new application frameworks, you'll be able to confidently navigate what's there. First, there's the basic repository information files. These are general files you'll see in most repositories, like we discussed earlier. These files are most commonly README, SECURITY, LICENSE, CHANGELOG, CODEOWNERS and .gitignore. As you can tell, these files are often in all caps or have dots in front of them to help them stand out from other files. Quickly going through each of these at a high level, the MD…
Contents
- Challenges with securing code (4m 34s)
- Static application security testing (SAST) (4m 50s)
- Software bill of materials (SBOM) (5m 14s)
- Software composition analysis (SCA) (4m 50s)
- Secret scanning (5m 25s)
- Infrastructure as code scanning (3m 27s)
- Challenge: Run your own scan (59s)
- Solution: Run your own scan (1m 35s)