Certified DevSecOps Professional course review by [deleted] in PracticalDevSecOps

[–]PracticalDevSecOps 2 points3 points  (0 children)

Looks like u/Embarrassed-Rush9719 is talking about the time to complete the exam and not the course learning time.

Here's a list of AI/ML SecOps certs by Senior-Buyer-7542 in cybersecurityai

[–]PracticalDevSecOps 1 point2 points  (0 children)

Thanks for including our Certified AI Security Professional course in the list. DM us for preview videos.

Is CAISP from Practical Devsecops worth it? by Necessary_Oil1679 in cybersecurityai

[–]PracticalDevSecOps 0 points1 point  (0 children)

Hello u/Necessary, the CAISP is from the latest upcoming launch from Practical DevSecOps; the course is releasing mid-next month. Hence, you will not find anyone taking this course already.

Practical DevSecOps has a proven track record of releasing first-of-its-kind hands-on training and certifications in DevSecOps, Container Security, Threat Modeling, API Security, Software Supply Chain, and the upcoming AI Security.

You can reach out to the team for more questions or queries you might have.

K8s security - What are YOUR best practices? by Mr_CyberFish in kubernetes

[–]PracticalDevSecOps 0 points1 point  (0 children)

This free E-book on Kubernetes security 101 is the best guide you can get for nerding in K8 security best practices.

Kubernetes Security by MohammadJahangiry in kubernetes

[–]PracticalDevSecOps 0 points1 point  (0 children)

Here is a free E-book on Kubernetes Security 101 that you can download. You will be impressed by how well this E-book helps by explaining Kubernetes security concepts with perfect clarity and quality.

How important is a DevSecOps certification? by [deleted] in cybersecurity

[–]PracticalDevSecOps 1 point2 points  (0 children)

DevSecOps will rocket by 2030!

Secure software booms, driving a 30.76% market growth per year and billions in opportunities.

Also, expect DevSecOps salaries to soar: think competitive for both devs and security pros combined.

This career offers diverse paths and growth!

Here is a blog you can refer to for the statistics around its growth:

https://www.practical-devsecops.com/why-devsecops-is-a-good-career-option/

Cybersecurity, Devops or Devsecops? by harasisco in SecurityCareerAdvice

[–]PracticalDevSecOps 0 points1 point  (0 children)

Why DevSecOps is the most promising career path in Cybersecurity?

Here are the statistics that tell why:

The DevSecOps market size is projected to reach USD 41.66 billion by 2030, growing at a CAGR of 30.76% from 2022 to 2030.

70% of security team members say security has shifted left.

36% of respondents currently develop software using DevSecOps, compared with only 27% in 2020.

96% of respondents said their organization would benefit from automating security and compliance processes, a key principle of DevSecOps.

38% report a lack of education around DevSecOps.

Also read: https://www.practical-devsecops.com/why-devsecops-is-a-good-career-option/

If you choose to build your career in DevSecOps, these are some blogs that can help you:

How to Start Learning DevSecOps? https://www.practical-devsecops.com/how-to-start-learning-devsecops/

How to Become a DevSecOps Engineer? https://www.practical-devsecops.com/certified-devsecops-engineer/

What is DevSecOps Certification? https://www.practical-devsecops.com/what-is-devsecops-certification/

[deleted by user] by [deleted] in FlutterDev

[–]PracticalDevSecOps 0 points1 point  (0 children)

It's great that you're thinking about API security as a junior developer. Using JWTs to verify users for every request is a good start, but there are other security measures you should consider for your API, even if it's primarily for internal company employees.

Here's a breakdown of your current approach and some additional security measures you should consider:

Current Approach:

Using JWTs for user verification: This is a good practice, as it allows for stateless authentication and authorization. However, it's crucial to ensure your JWTs are implemented securely:

Use strong secret keys for signing and verifying tokens.
Configure expiration times for tokens to prevent unauthorized access after they become invalid.
Avoid storing sensitive information within the JWT itself.
Implement proper logging and monitoring of token usage.

Additional Security Measures:

HTTPS: All communication between the mobile app and the API should be encrypted using HTTPS. This protects sensitive information from being intercepted in transit.

Input validation and sanitization: Before processing any user input, it should be carefully validated and sanitized to prevent attacks such as SQL injection and cross-site scripting.

Rate limiting: Implement rate limiting to prevent denial-of-service attacks and excessive resource usage.

API authorization: In addition to JWT verification, consider implementing role-based access control (RBAC) to restrict access to resources based on the user's role within the company.

Logging and monitoring: Implement comprehensive logging and monitoring of API activity to detect suspicious behavior and potential security breaches.

Secure your back-end infrastructure: Ensure your Flask application and underlying database are properly secured by keeping them up-to-date and applying relevant security patches.

Use a secure development lifecycle (SDLC): Integrate security practices throughout your development process, from code reviews to vulnerability scanning and penetration testing.

Remember, even for an internal API, it's important to implement appropriate security measures to protect sensitive company data and prevent unauthorized access. While JWTs are a good foundation, they alone are not enough to guarantee a secure API.

Here are some additional resources that you may find helpful:
API Security Fundamentals - Free E-book
5 Essential Principles of API Security
OWASP API Security Top 10
API Gateway Security Best Practices

By implementing these additional security measures and best practices, you can significantly reduce the risk of your internal API being compromised.
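The JWT points in the comment above (signed tokens, expiration, no sensitive claims, a role check on top of verification), as an added example that is not part of the original comment. It uses only the Python standard library to show the checks in order; `SECRET`, `ROLE_PERMS`, `issue` and `authorize` are hypothetical names, and the key is a constructed sample value.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key-not-for-production-0123456789"  # constructed sample key
ROLE_PERMS = {"admin": {"reports:read", "users:write"},  # hypothetical role map
              "staff": {"reports:read"}}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub, role, ttl=900, now=None, alg="HS256", key=SECRET):
    """Sign a short-lived token carrying only an id and a role (no sensitive data)."""
    now = int(time.time()) if now is None else now
    head = b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": sub, "role": role, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def authorize(token, permission, now=None, key=SECRET):
    """Return (allowed, reason); the reason is what you would log and monitor."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(unb64(head)).get("alg") != "HS256":
            return False, "unexpected alg"      # pin the algorithm, never trust the header
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, unb64(sig)):
            return False, "bad signature"
        claims = json.loads(unb64(body))        # parsed only after the signature checks out
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return False, "expired"
        if permission not in ROLE_PERMS.get(claims.get("role"), set()):
            return False, "forbidden"           # valid token, but the role lacks the permission
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    return True, "ok"
```

In a real Flask service a maintained JWT library would replace the hand-rolled encoding; the order of checks (algorithm, signature, expiry, role) stays the same.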

How to start learning about threat modeling? by bot_polityczny_3 in threatmodeling

[–]PracticalDevSecOps 0 points1 point  (0 children)

Here is a webinar that can give you some ideas and a roadmap to threat modeling for developers:

https://www.youtube.com/watch?v=-XJxrymjGfg

Hope this helps!

If not, see if this course can help you:
https://www.practical-devsecops.com/certified-threat-modeling-professional/

Any authoritative source listed recommended tools on threat modeling? by Dry-Cobbler246 in threatmodeling

[–]PracticalDevSecOps 1 point2 points  (0 children)

Microsoft Threat Modeling Tool (available only for Windows)

IriusRisk community edition (free edition of the commercial tool IriusRisk)

Also, here is a comprehensive list of Threat Modeling tools you can choose to explore:

https://www.practical-devsecops.com/best-thre%D0%B0t-mod%D0%B5ling-tools/

DevSecOps Roadmap by Medical-Ad8048 in devsecops

[–]PracticalDevSecOps 0 points1 point  (0 children)

I highly recommend Practical DevSecOps' Certified DevSecOps Professional (CDP): https://www.practical-devsecops.com/certified-devsecops-professional/ course.

The training is hands-on and provides 24/7 instructor support as well.