Introduction

DevOps Security, often called "DevSecOps," is a set of practices, principles, and tools that integrate security measures and considerations into the DevOps (Development and Operations) process. It aims to create a security culture and collaboration between development, operations, and security teams to ensure that software development and deployment are secure by design. Here's a detailed definition of DevOps Security:

By Definition, DevOps Security, or DevSecOps, is a holistic approach to software development and deployment that places security at the forefront of the development lifecycle. It is driven by the need to address the ever-growing threat landscape and the increasing frequency of cyberattacks on software systems. DevOps Security is characterized by a proactive, collaborative, and automated approach to identifying and mitigating security vulnerabilities ensuring the confidentiality, integrity, and availability of software and data.

ALAMOSE aims to educate undergraduate and graduate students on (i) what categories of security weaknesses appear for artefacts used in DevOps and (ii) how identified security weaknesses can be detected. ALAMOSE is funded by the U.S. National Science Foundation (NSF) and spearheaded by  Akond Rahman at Auburn University. Don't hesitate to get in touch with him with questions at akond@auburn.edu.

Construction: ALAMOSE includes 10 education modules_

1. M0: Installation Overview

2. M1: Automated Requirements Validation

3. M2: Automated Detection of Known Security Weaknesses

4. M3: Automated Taint Tracking for Accurate Detection

5. M4: Automated Forensicability

6. M5: Git Hooks to Facilitate Automated Security Static Analysis

7. M6: Security Weakness Identification with Continuous Integration

8. M7: Security Weaknesses in Infrastructure as Code Scripts

9. M8: Security Weaknesses in Kubernetes Manifests

10. M9: Chaos Engineering with White-box Fuzzing

11. M10: Automated Secret Management