Secure Development & Coding
Secure Development & Coding

Welcome to Designing for Quality and Security with Azure DevOps. This course covers topics to help you learn how to design a quality strategy in Azure DevOps. It shows you how to analyze an existing quality environment and how to identify and recommend quality metrics, as well as what feature flags are and how to manage the feature flag lifecycle.

The course then moves onto technical debt and how to manage it, how to choose a team structure that optimizes quality and how to handle performance testing. You'll look at some strategies for designing a secure development process and the steps you can take to inspect and validate both your codebase and infrastructure for compliance.

We'll wrap things up by covering strategies you can use to secure your development and coding environment, as well as recommended tools and practices that you can use to integrate infrastructure security validation.

If you have any questions, comments, or feedback relating to this course, feel free to contact us at

Learning Objectives

By the time you complete this course, you should have a good understanding of how to design for quality and security with Azure DevOps.

Intended Audience

This course is intended for:

  • IT professionals who are interested in earning the Microsoft Azure DevOps Solutions certification
  • DevOps professionals that work with Azure on a daily basis


To get the most from this course, you should have at least a basic understanding DevOps concepts and of Microsoft Azure.


Hi there. Welcome to Secure Development and Coding. Secure development starts with secure coding practices. The Open Web Application Security Project, otherwise known as OWASP, is a global organization that focuses on improving the security of software. The stated mission of OWASP is to raise the visibility of software security, so that users can make informed decisions. As a charitable organization, OWASP provides impartial advice that is practical.

OWASP regularly publishes its set of Secure Coding Practices, which provides guidelines that govern things like Input Validation, Output Encoding, and Authentication and Password Management. Other areas covered by these guidelines include Session Management, Access Control, and Cryptographic Practices, among others.

OWASP also publishes an intentionally vulnerable web application that can be used to learn about common vulnerabilities. It's called The Juice Shop Tool Project and it includes all kinds of vulnerabilities listed in the OWASP Top 103.

To learn more about the OWASP Foundation, visit the URL that you see on your screen. You can also download the OWASP Secure Coding Practices Quick Reference Guide from their website as well.



Introduction - Identifying & Recommending Quality Metrics - Feature Flags - Technical Debt - Team Structures - Performance Testing - Inspecting & Validating Code Base for Compliance - Inspecting & Validating Infrastructure for Compliance - Secure Development & Coding - Infrastructure Security Validation Tools & Practices - Conclusion

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.