Terraform

What's Included?

Secure Development Core Lesson Modules

Intro to Secure Coding

The need for secure coding, what are secure coding standards and how does a developer use them, and the potential dangers of Stack Overflow. Languages are complex. Secure coding is about creating code that is correct and secure.

Secure Coding Best Practices: Part 1

Explore the OWASP Proactive Controls, including Define Security Requirements, Leverage Security Frameworks and Libraries, Secure Database Access, Encode and Escape Data, and Validate All Inputs. OWASP Proactive Controls is security information written for developers, by developers.

Secure Coding Best Practices: Part 2

Explore the OWASP Proactive Controls, including Enforce Access Control, Protect Data Everywhere, Implement Security Logging and Monitoring, and Handle All Errors and Exceptions. OWASP Proactive Controls is security information written for developers, by developers.

Language Typing

In this module, we explain how a languages type system is categorized and what the main categories are. We discuss the difference between static and dynamic languages as well as weak and strongly typed languages.

Securing the Development Environment

The threats that your development environment faces, how to reduce development environment risk, and the ten tips to secure your development environment. Development environment threats are real and following simple tips to secure your development environment can significantly reduce your exposure.

Protecting your Code Repository

Why you need to protect your code repository, the security challenges in choosing a repository, the impact of not protecting access credentials and separating secrets in the source code. Your code is your product or application. If it is left unsecured, it could fall into the hands of a competitor.

Producing a Clean, Maintainable, & Secure Code Culture

The sources of complexity in software that led to security vulnerabilities and the twelve laws that act as the foundation for a clean, maintainable, and secure code culture. Developers must strive for secure code. Secure code is both clean and maintainable.

Secure the Release

Potential security threats are impacting your release and deployment process and ways to improve the security of your release and deployment process. The release and deployment process is how our code gets delivered to our customers. The introduction of an unauthorized piece of code by an attacker could be devastating.

Designing a Secure App or Product

The four pillars of a secure application or product, secure application or product decisions, and the categories of the design of a secure application or product. A new application or product deserves a secure design. Security becomes a reality through careful design choices.

Thinking Like A Penetration Tester

The tools and methodologies to help a developer think like a penetration tester, how penetration testers use browsers and intercepting proxies, testing, fuzzing, and reverse engineering, and applying the knowledge of these topics to your world as a developer. Developers generally focus on the build; to better secure your applications, products, and systems, think like one who breaks.

Secure Design Principles in Action: Part 1

The economy of mechanism, secure the weakest link, establish trust boundaries, defense in-depth, don’t reinvent the wheel, usable security and default deny. Secure design principles require action to achieve “secure by design.”

Secure Design Principles in Action: Part 2

In this module, we explore secure design principles such as minimizing the attack surface, fail securely, least privileged, separation of duties, do not trust services/ infrastructure, and secure defaults. Employing a common understanding of secure design principles encourages secure design, and secure design equals fewer vulnerabilities.

Secure Coding tips

In this module, we discuss tips to secure your C and C++ applications. These include things such as always initializing variables and never transferring ownership with raw pointers.

Input Validation

In this module, we discuss the difference in input validation within C++ and other languages. We discuss validating numbers and bounds checking and the famous Heartbleed Bug.

Lambdas

In this module, we discuss lambdas within the C++ language and the security issues that can arise with their use. We also discuss the changes that have made lambdas more secure and the guidelines to use them correctly.

C++ 20

In this module, we discuss the new additions to C++ in C++20 and how they may be used to secure your applications. These include things like safe integer comparisons, span, and ranges.

Terraform

Green Belt Path

Intro to Secure Development

The definition of secure development and it’s pieces. Each developer has secure development responsibilities. Secure development starts and ends with the developer. Your software, hardware, and infrastructure are only as safe as you make them. Developers are the first line of defense.

Securing the Development Environment

Protecting your Code Repository

Secure the Release

Designing a Secure App or Product

Thinking Like A Penetration Tester

Secure Design Principles in Action: Part 1

Secure Design Principles in Action: Part 2

Introduction to Terraform Security

In this module, we will explain how Terraform can improve your security posture, how a patient iterative process and collaboration greatly increase security, how to use feature toggles, and the best ways of conducting an IaC code review.

Terraform Best Practices

In this module, we introduce processes that keep Terraform away from danger, explore secure infrastructure layouts, discuss common security mistakes and how to maintain the least privilege.

Secure Terraform Modules

In this module, we detail Terraform module anatomy, explore essential requirements for creating secure modules, and demonstrate versioning, validation, and testing strategies for modules.

Securing Terraform State

In this module, we dive deep into Terraform statement management, discuss the threat model and common attack vectors against the state files, and learn mitigation strategies that can protect them.

Terraform and Secrets

In this module, we explain the dangers of carelessness when managing secrets, how secrets are commonly leaked, how they can be protected, and the proper way to set up Terraform to contribute to secret distribution without compromising security.

Leveraging Terraform Tools for Security

In this module, we introduce and explore various Terraform tools that can help increase security, note the differences between them, demonstrate their application, and recommend an essential set.

See our full catalog

Terraform

Example Terraform Concepts

What's Included?

I Want To Try It!