Ilaria Digital School

CyberSecurity & DevSecOps Expert: Develop, PenTest, and Deploy Secure Applications

Become a CyberSecurity & DevSecOps Specialist: Understand the risks of an application to prioritize tests and corrections; Conduct a Web/API application Pentest (recognition, tests, proofs) on an authorized perimeter; Identify and validate major vulnerabilities (auth/session, access control, access control, injections, auth/session, access control, access, injection, injection, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injection); Mas...

Autor

Ilaria Digital School

Kategorie

Education

Podcast-Website

www.ilaria-academy.com

Neueste Folge

10. Jul 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Observe an ICMP packet with ping 01.05.2026

**Theoretical Recap** ICMP (Internet Control Message Protocol) is a network-layer protocol (OSI Layer 3) used primarily for diagnostic and error-reporting purposes. Unlike TCP or UDP, ICMP does not carry application data — it carries control messages...

IP address and packet concepts 30.04.2026

Now that you are familiar with the basic vocabulary of networks — hosts, links, and packets — it is time to go deeper into two fundamental concepts that underpin virtually every communication on the internet and on private networks: the Internet Prot...

Map your home network 29.04.2026

**Theoretical Recap** Before diving into the workshop, let's consolidate the core concepts you've encountered so far. A network is made up of hosts (any device with an IP address: computer, smartphone, printer, router, smart TV), links (the physical ...

Basic vocabulary of a network (host, link, packet) 29.04.2026

Understanding how networks work is the foundation of cybersecurity. Before diving into attack techniques, penetration testing tools, or secure deployment pipelines, you need to be fluent in the basic vocabulary that describes what a network is and ho...

Welcome and chapter goals 28.04.2026

Welcome to the chapter on Fundamentals of OSI Networks, Protocols, and Models. This chapter is your essential starting point before diving into any cybersecurity or DevSecOps practice. Whether you are aiming to conduct penetration tests, identify vul...

General summary and opening to the next chapter 28.04.2026

Congratulations on reaching the end of the introductory chapter of this course. Before moving forward, it is essential to consolidate everything you have learned so far and to understand how it connects to what lies ahead. This summary is not simply ...

Workshop: Writing a micro-report on an imaginary bug 27.04.2026

THEORETICAL RECAP A vulnerability report is the primary deliverable of any security assessment. It transforms technical findings into actionable intelligence for developers, managers, and security teams. A well-structured report answers four essentia...

Workshop: extracting key information from the report 24.04.2026

**Theoretical Recap** A vulnerability report is a structured document that communicates security findings to both technical and non-technical stakeholders. Understanding how to read and extract key information from such a report is a foundational ski...

Reading a fictional vulnerability report: structure and terminology 23.04.2026

Understanding how to read a vulnerability report is a foundational skill for anyone entering the field of cybersecurity or DevSecOps. Whether you are reviewing a report produced by a penetration tester, an automated scanning tool, or a security team,...

Step-by-Step Guide: Pre-commit Checklist 23.04.2026

A pre-commit checklist is a structured list of security and quality checks that every developer must run — or that are automatically triggered — before any piece of code is officially committed to a shared version control repository such as Git. The ...

Mini-project: create a YAML mini-pipeline with commented security steps 22.04.2026

## Project Overview This mini-project is the capstone activity of the INTRO chapter. Having covered Git security policies, pre-commit hooks, OWASP Top 10, CIA triad, Shift-Left/Shift-Right/Feedback Loop principles, and pipeline security mapping, you ...

Workshop: placing security tests into an existing workflow 21.04.2026

**Theoretical Recap** Integrating security tests into an existing CI/CD workflow is the operational heart of DevSecOps. The core principle is simple: security checks must not be an afterthought bolted onto the end of a pipeline — they must be embedde...

The three shifts: Shift-Left, Shift-Right, Feedback Loop 21.04.2026

Security in software development has undergone a profound transformation over the past two decades. Traditionally, security was treated as a final checkpoint: developers would write code, assemble an application, and only at the very end would a secu...

Workshop: mapping the OWASP Top 10 on the pipeline 20.04.2026

**Theoretical Recap** The OWASP Top 10 is a regularly updated reference document listing the ten most critical web application security risks. It is not a checklist to mechanically tick off, but a risk map that helps teams prioritize where to focus t...

Overview of the OWASP Top 10 17.04.2026

Before diving into penetration testing techniques or setting up a secure delivery pipeline, every cybersecurity practitioner must understand what they are actually protecting against. The OWASP Top 10 is the most widely recognized reference in web ap...

Printable memo sheet: minimal secure pipeline 17.04.2026

This memo sheet is designed to consolidate everything you have learned so far into a single, clear, and actionable reference. You have already explored Git fundamentals, branch policies, pre-commit hooks, security concepts such as Confidentiality, In...

Workshop: setting up a basic pre-commit rule 16.04.2026

**Theoretical Recap** A pre-commit hook is a script that Git executes automatically before finalizing a commit. It acts as a last-line-of-defence gate: if the script exits with a non-zero code, the commit is rejected and the developer is forced to fi...

Secure branch policies: key concepts 15.04.2026

When you work in a team on a software project, or even alone with a professional pipeline in mind, the way you organize your branches in Git is not a trivial matter. Branches are not just a convenience for parallel development: they are a critical se...

Workshop: simulating a committed secret and correcting it 14.04.2026

**Theoretical Recap** In the world of DevSecOps, one of the most common and dangerous mistakes a developer can make is accidentally committing a secret — a password, an API key, a database connection string, a private token — directly into a Git repo...

Git and traceability: history at the service of security 14.04.2026

Git is far more than a simple tool for saving code. When used correctly, it becomes a genuine security instrument, allowing teams to track every change, identify the origin of a vulnerability, and respond quickly to incidents. This course builds dire...

Workshop: first Git manipulations (clone, commit) 13.04.2026

THEORETICAL RECAP Git is a distributed version control system that tracks changes in files over time. Every project managed with Git lives inside a repository (repo), which stores the full history of modifications. Understanding a few core concepts i...

Very high level introduction to Git as the foundation of the pipeline 10.04.2026

Git is a version control system. That means it is a tool that tracks every change made to a set of files over time. If you write code, modify a configuration file, or update a script, Git records what changed, when it changed, and who made the change...

Workshop: installing and verifying the lab virtual machine 09.04.2026

**Theoretical Recap** A virtual machine (VM) is a software emulation of a physical computer. It runs an operating system and applications in an isolated environment, completely separated from your host system. This isolation is fundamental in cyberse...

Prepare your secure test environment (VM, accounts, browser) 09.04.2026

Before performing any security test, penetration test, or vulnerability analysis, you must set up a dedicated, isolated, and controlled environment. This is not optional. Working directly on your personal machine, using your real accounts, or testing...

Entry ramp summary and personal checklist 08.04.2026

You have now completed the introductory section of this course on CyberSecurity and DevSecOps. Before moving on to more technical and specialized content, this chapter serves a double purpose: consolidating everything you have learned so far and givi...

Höre den Podcast CyberSecurity & DevSecOps Expert: Develop, PenTest, and Deploy Secure Applications in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet