A comprehensive overview of controls

1. Application Security Verification Standard

During this course, we have covered some very important topics about web application security. However, you have to keep in mind that this course is by no means an exhaustive summary of all possible attacks. Therefore, if you ever release a real-life application, you should first validate it using the Application Security Verification standard. This standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deployment, serverless, and configuration concerns.

Certain parts of this standard are part of the required study material (see Digitap for an overview of these parts). In any case, read through the whole standard to get a comprehensive overview of all the controls that you should include in your web application. Go to https://github.com/OWASP/ASVS#latest-released-version to download the latest version of the standard.

2. Top resources to use in a devsecops environment

This list provides you with some resources that I have found to be very useful. I will regularly update this list.

• https://infosec.mozilla.org/guidelines/web_securit

• https://github.com/microsoft/attacksurfaceanalyzer

• https://www.sans.org/security-resources/posters/secure-devops-toolchain-swat-checklist/60/download

• https://github.com/toniblyx/my-arsenal-of-aws-security-tools

• https://bettercrypto.org/

• https://www.owasp-risk-rating.com/