PODCAST · education
CyberSecurity & DevSecOps Expert: Develop, Pentest and Deploy Secure Applications
by Ilaria Digital School
Become a CyberSecurity & DevSecOps Specialist: Understand an application's risks in order to prioritize tests and fixes; Carry out a Web/API application pentest (reconnaissance, tests, evidence) within an authorized scope; Identify and validate the major vulnerabilities (auth/session, access control, injections, CSRF, CORS misconfigurations, uploads, SSRF, misconfigurations); Master the main tools such as Nmap, Wireshark, Metasploit, Python scripting; Fix flaws properly and set up non-regression tests; Produce a vulnerability report; Set up a secure delivery chain: CI/CD, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), containers.
-
65
IP address and packet concepts
In the previous activities, you discovered what a network is and the notions of host, link and packet. You mapped your home network and worked with the basic vocabulary. It is now time to go deeper into two absolutely...
-
64
Mapping your home network
**Theoretical Recap** Before starting this workshop, let's go back over the fundamental concepts covered in the previous courses. A computer network is a set of hosts (computers, smartphones, printers, internet boxes, connected objects) linked...
-
63
Basic network vocabulary (host, link, packet)
A computer network is a set of interconnected devices that can exchange data with one another. Before understanding how to secure a network, how to carry out a penetration test or how to deploy a secure application, it is...
-
62
Welcome and chapter objectives
Welcome to this chapter devoted to the fundamentals of networks, protocols and the OSI model. This chapter is the cornerstone of your entire progression in the field of cybersecurity and DevSecOps. Without a solid understanding...
-
61
General summary and opening toward the next chapter
This course is the summary of the whole introductory chapter of the CyberSecurity and DevSecOps Expert curriculum. The goal here is to consolidate all the concepts covered, to link them together coherently, and to open the way toward the...
-
60
Workshop: writing a micro-report on an imaginary bug
**Theoretical Recap** A vulnerability report is a structured document that communicates a security flaw in a clear, reproducible way that development and management teams can act on. It is not simply...
-
59
Workshop: extracting key information from the report
**Theoretical Recap** A vulnerability report is a structured document that communicates security findings to both technical and non-technical stakeholders. Understanding how to read and extract key information from such a report is a foundational ski...
-
58
Reading a fictional vulnerability report: structure and terminology
Understanding how to read a vulnerability report is a foundational skill for anyone entering the field of cybersecurity or DevSecOps. Whether you are reviewing a report produced by a penetration tester, an automated scanning tool, or a security team,...
-
57
Step-by-Step Guide: Pre-commit Checklist
A pre-commit checklist is a structured list of security and quality checks that every developer must run — or that are automatically triggered — before any piece of code is officially committed to a shared version control repository such as Git. The ...
-
56
Mini-project: create a YAML mini-pipeline with commented security steps
## Project Overview This mini-project is the capstone activity of the INTRO chapter. Having covered Git security policies, pre-commit hooks, OWASP Top 10, CIA triad, Shift-Left/Shift-Right/Feedback Loop principles, and pipeline security mapping, you ...
-
55
Workshop: placing security tests into an existing workflow
**Theoretical Recap** Integrating security tests into an existing CI/CD workflow is the operational heart of DevSecOps. The core principle is simple: security checks must not be an afterthought bolted onto the end of a pipeline — they must be embedde...
-
54
The three shifts: Shift-Left, Shift-Right, Feedback Loop
Security in software development has undergone a profound transformation over the past two decades. Traditionally, security was treated as a final checkpoint: developers would write code, assemble an application, and only at the very end would a secu...
-
53
Workshop: mapping the OWASP Top 10 on the pipeline
**Theoretical Recap** The OWASP Top 10 is a regularly updated reference document listing the ten most critical web application security risks. It is not a checklist to mechanically tick off, but a risk map that helps teams prioritize where to focus t...
-
52
Overview of the OWASP Top 10
Before diving into penetration testing techniques or setting up a secure delivery pipeline, every cybersecurity practitioner must understand what they are actually protecting against. The OWASP Top 10 is the most widely recognized reference in web ap...
-
51
Printable memo sheet: minimal secure pipeline
This memo sheet is designed to consolidate everything you have learned so far into a single, clear, and actionable reference. You have already explored Git fundamentals, branch policies, pre-commit hooks, security concepts such as Confidentiality, In...
-
50
Workshop: setting up a basic pre-commit rule
**Theoretical Recap** A pre-commit hook is a script that Git executes automatically before finalizing a commit. It acts as a last-line-of-defence gate: if the script exits with a non-zero code, the commit is rejected and the developer is forced to fi...
-
49
Secure branch policies: key concepts
When you work in a team on a software project, or even alone with a professional pipeline in mind, the way you organize your branches in Git is not a trivial matter. Branches are not just a convenience for parallel development: they are a critical se...
-
48
Workshop: simulating a committed secret and correcting it
**Theoretical Recap** In the world of DevSecOps, one of the most common and dangerous mistakes a developer can make is accidentally committing a secret — a password, an API key, a database connection string, a private token — directly into a Git repo...
-
47
Workshop: first Git manipulations (clone, commit)
THEORETICAL RECAP Git is a distributed version control system that tracks changes in files over time. Every project managed with Git lives inside a repository (repo), which stores the full history of modifications. Understanding a few core concepts i...
-
46
Very high level introduction to Git as the foundation of the pipeline
Git is a version control system. That means it is a tool that tracks every change made to a set of files over time. If you write code, modify a configuration file, or update a script, Git records what changed, when it changed, and who made the change...
-
45
Storyboard: Incident avoided with DevSecOps
Introduction: Why a storyboard approach? Throughout the previous activities, you have explored what DevSecOps means, how a Continuous Integration and Continuous Delivery pipeline works, where security checks fit in at each stage, and how artifacts an...
-
44
Pipeline checkpoints and artifacts
In the previous activities, you explored what a Continuous Integration and Continuous Delivery pipeline looks like, and you practiced placing security checks at various stages of an imaginary pipeline. You also adapted a secure pipeline to an e-comme...
-
43
Workshop: Adapting a secure pipeline to an e-commerce project
THEORETICAL RECAP A CI/CD pipeline (Continuous Integration / Continuous Delivery) is an automated sequence of steps that takes source code from a developer's commit all the way to a production deployment. In a standard DevOps pipeline, the typical st...
-
42
Workshop: placing security checks in an imaginary pipeline
THEORETICAL RECAP A CI/CD pipeline (Continuous Integration / Continuous Delivery) is the automated chain that takes source code from a developer's commit all the way to a running application in production. In a DevSecOps approach, security is not a f...
-
41
The role of safety at every stage of the pipeline
When we talk about a software delivery pipeline, we are referring to the full chain of automated steps that transforms source code written by developers into a running application available to end users. In a traditional DevOps approach, this chain i...
-
40
Workshop: visualizing a simplified CI/CD pipeline
**Theoretical Recap** CI/CD stands for Continuous Integration and Continuous Delivery (or Deployment). It is the backbone of modern DevOps — and by extension, DevSecOps — workflows. Continuous Integration means that every time a developer pushes code...
-
39
Introduction to DevOps and the DevSecOps concept
Before diving into the world of security within development pipelines, it is essential to understand what DevOps is, why it was created, and how the concept of DevSecOps grew out of it. You have already explored the foundational pillars of cybersecur...
-
38
Intermediate visual summary: mental map of concepts
At this stage of your learning journey, you have covered a significant amount of foundational material. You have explored the core vocabulary of cybersecurity, discovered the three pillars known as the CIA triad, and encountered the most common web t...
-
37
Workshop: recognize the threat on a screenshot
**Theoretical Recap** Before diving into the workshop, let's consolidate what you have covered so far. In cybersecurity, a threat is any potential event or action that could exploit a vulnerability to cause harm to an information system. A vulnerabil...
-
36
Common web threats presented simply
In the previous activities, you built a solid foundation: you mastered the core vocabulary of cybersecurity (security, threat, vulnerability, risk), and you explored the three fundamental pillars that any security approach must protect: confidentiali...
-
35
Workshop: Creating your own threat examples
THEORETICAL RECAP Before diving into the workshop, let's consolidate what you have covered so far. Four core concepts form the backbone of cybersecurity thinking: security (the overall state of protection of systems and data), threat (any potential e...
-
34
Workshop: identifying the CIA pillar under threat
**Theoretical Recap** Before diving into the workshop, let's consolidate the essential framework you need. The CIA Triad is the cornerstone model of information security, composed of three pillars: Confidentiality, Integrity, and Availability. Confid...
-
33
The CIA pillars: confidentiality, integrity, availability
Before diving into the technical world of cybersecurity and secure application development, every professional in this field must internalize a fundamental framework: the three pillars known as the CIA triad. These three pillars are Confidentiality, ...
-
32
Workshop: associate each term with a concrete case
**Theoretical Recap** Before diving into the workshop, let's consolidate the four core vocabulary terms you encountered in the previous lesson. A **threat** is any potential event or actor that could cause harm to a system — for example, a hacker att...
-
31
Essential vocabulary: security, threat, vulnerability, risk
Before diving into penetration testing techniques, fixing flaws or setting up secure pipelines, it is essential to speak the same language as cybersecurity professionals. This course lays the conceptual foundations...
-
30
Welcome, objectives and chapter journey
Welcome to the course 'CyberSecurity and DevSecOps Expert: Develop, Pentest, and Deploy Secure Applications'. This introductory chapter is your starting point. Before diving into technical tools, attack techniques, or secure deployment pipelines, it ...