AZ-400: Implement security and validate code bases for compliance

Learning Path
6 Modules

Advanced

Administrator

Developer

DevOps Engineer

Security Engineer

Security Operations Analyst

Service Adoption Specialist

Solution Architect

Technology Manager

Azure

Azure Artifacts

Azure Boards

Azure Cloud Services

Azure DevOps

Azure Pipelines

Azure Repos

Azure Test Plans

GitHub

This learning path explores an infrastructure and configuration strategy and appropriate toolset for a release pipeline and application infrastructure. It explains compliance and security implementation in your application infrastructure.

Prerequisites

None

Modules in this learning path

Introduction to Secure DevOps

This module introduces DevSecOps concepts, SQL injection attacks, threat modeling, and security for continuous integration.

Implement open-source software

This module explores open-source software and corporate concerns with software components. Also, it explains common open-source licenses, license implications, and ratings.

Software Composition Analysis

This module explains Composition Analysis, how to inspect and validate code bases for compliance, integration with security tools, and integration with Azure Pipelines.

Static analyzers

This module introduces the static analyzers SonarCloud and CodeQL in GitHub.

OWASP and Dynamic Analyzers

This module explores OWASP and Dynamic Analyzers for penetration testing, results, and bugs.

Security Monitoring and Governance

This module describes security monitoring and governance with Microsoft Defender for Cloud and its usage scenarios, Azure Policies, Microsoft Defender for Identity, and security practices related to the tools.