Microsoft

Application and DevSecOps

Microsoft

Application and DevSecOps

 Microsoft

Instructor: Microsoft

Included with Coursera PlusLearn more

Ask Coursera

Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

6 hours to complete
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

6 hours to complete
Flexible schedule
Learn at your own pace

What you'll learn

  • Lead threat-modeling workshops to derive security requirements and structure control gates across complex systems.

  • Operationalize SAST, DAST, SCA, and secret-scanning within CI/CD and IaC pipelines to enforce risk-based gating and remediation.

  • Engineer secure containerized and Kubernetes environments by aligning workload protection with established cloud landing zones.

  • Design AI-enhanced security gates in Jenkins and GitHub Actions to prevent AI-related attack vectors across the software delivery lifecycle.

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

11 assignments¹

AI Graded see disclaimer
Taught in English

See how employees at top companies are mastering in-demand skills

 logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your Software Development expertise

This course is part of the Microsoft Cybersecurity Architecture Professional Certificate
When you enroll in this course, you'll also be enrolled in this Professional Certificate.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate from Microsoft

There are 8 modules in this course

Before modeling a specific threat, an architect must establish the baseline security requirements for the enterprise. Learn how to define and operationalize secure-by-design principles that apply to all new software projects.

What's included

1 video2 readings1 assignment1 ungraded lab

A threat modeling session without a clear scope is guaranteed to fail. Learn to gather the right stakeholders, define the boundaries of the system being modeled, and select the appropriate methodology.

What's included

2 readings1 assignment1 ungraded lab

Put theory into practice. Learn to use the Microsoft Threat Modeling Tool (TMT) to draw Data Flow Diagrams, define trust boundaries, and automatically generate a matrix of architectural threats.

What's included

1 video2 readings2 assignments1 ungraded lab

Learn the difference between Static, Dynamic, and Software Composition Analysis, and how to embed them into GitHub Actions to automatically scan pull requests for vulnerabilities.

What's included

1 video2 readings1 assignment1 ungraded lab

Container security spans both the pipeline and runtime. Learn to design architectures that scan images in the registry and enforce admission control policies in Kubernetes.

What's included

2 readings1 assignment1 ungraded lab

Infrastructure is now code, meaning cloud misconfigurations and leaked secrets can be deployed instantly. Learn to scan Terraform templates and block exposed keys directly at the commit level.

What's included

1 video2 readings2 assignments1 ungraded lab

Generative AI introduces new application data flows and trust boundaries. In this module, you will update your Secure-by-Design standards to account for the OWASP Top 10 for LLMs. You will threat model an internal Copilot application to identify Prompt Injection vulnerabilities, and then architect the solution by mandating the integration of Azure AI Content Safety (Prompt Shields) into the application request path before LLM invocation, such as the API gateway or orchestration layer, alongside strict CI/CD pipeline validation gates.

What's included

1 video2 readings2 assignments

Synthesize your knowledge of threat modeling, SAST/DAST, strategic DAST placement, containers, and automated gating to design a secure DevSecOps pipeline architecture. You will document where security validation and control gates must be enforced across the Software Development Lifecycle (SDLC) to mitigate risks while minimizing unnecessary friction with engineering.

What's included

3 readings1 assignment

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

 Microsoft
374 Courses2,691,214 learners

Offered by

Microsoft

Explore more from Software Development

Why people choose Coursera for their career

Felipe M.

Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Frequently asked questions

¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera's Privacy Notice.