Conceptos generales de seguridad
Por qué Ciberseguridad para Desarrollo Web
No estamos seguros
Autorización Autenticación y Accountability : AAA
Funciona en mi local
Empecemos por la lógica
SQL Injection
De local a producción
Introducción a DevSecOps
DevSecOps como cultura
Creando pipelines
Corriendo nuestras pruebas
Listas de control de privilegios
Seguridad en la arquitectura
Diseñando la arquitectura
Infraestructura como código
Creando la infraestructura
Creando roles y policies
Desplegando funciones lambda
El mundo de la Base de Datos
Conectando lambdas a una VPC
Single point of failure
Evitando vulnerabilidades en el código
Configurando Auth0
Creando un lambda Authorizer
Secretos y API Keys
Creando Endpoints
Evitando Cross Site Scripting o XSS
Validando la integridad de los datos con tokens
Controles de seguridad sobre datos
Conociendo la naturaleza de los datos
Protege tus datos con Key Management Services
Monitoring y alertas
Sistema de logs
Observabilidad
Alertas y Postmortems
CORS y cierre
Errores de CORS
Why is cybersecurity essential for everyone in the enterprise?
Cybersecurity goes beyond being the sole responsibility of the IT department; it is a global concern within an organization. While many think that threats are solved with advanced technology or specialized equipment, the human factor is still the biggest risk. Hackers often use social engineering, a method that exploits human interactions, as evidenced in the attack on Payoneer Argentina users, where fraudulent text messages and hoax phone calls were used.
How do developers play a crucial role in security?
Developers have direct access to critical systems, databases, and sensitive user data. Carelessness in these areas can be costly. This is where cybersecurity becomes crucial: a security mistake could expose the company to significant risks. That is why this course focuses on teaching responsible security decisions, not only for personal projects but also at the professional level.
What will you learn to improve security in your projects?
Throughout the course, you will be immersed in a hands-on learning journey that covers several key areas of cybersecurity for developers:
- Integration with GitHub Webhooks: You'll connect to GitHub to receive real-time information about contributions to different repositories.
- Secure data storage: You will learn how to store information in a database ensuring access only to authorized persons.
- Secure authentication: You will implement an authentication token with Auth0 to securely manage access.
- Input validation and credential management: These fundamentals are essential to protect your application's entry points.
- Role and policy building with IAM: You'll design a robust permissions scheme that protects data and ensures proper access.
- GitHub Actions and infrastructure as code with Terraform: Optimize automation and secure infrastructure configuration.
- Observability and alerting: You will set up systems that allow you to monitor and respond quickly to any security incident.
How can you take your knowledge to the next level?
The learning doesn't stop here. Security is a continuously evolving process. We invite you to keep up to date with the latest trends and techniques in cybersecurity. Participate in online communities, attend conferences, and continue to explore new tools and approaches that can strengthen your skills. Your dedication and proactivity in this field will not only enhance your role as a developer, but also protect your organization's most valuable assets.
Contributions 11
Questions 0
Want to see more contributions, questions and answers from the community?