https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/ en-US Become a CyberSecurity & DevSecOps Specialist: Understand the risks of an application to prioritize tests and corrections; Conduct a Web/API application Pentest (recognition, tests, proofs) on an authorized perimeter; Identify and validate major vulnerabilities (auth/session, access control, access control, injections, auth/session, access control, access, injection, injection, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injections, CSRF, injection); Master the main tools such as Nmap, Wireshark, Metasploit, Python scripting; Correct flaws properly and set up non-regression tests; Produce a vulnerability report; Set up a secure delivery chain: CI/CD, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), SCA (Software Composition Analysis), containers. © 2026 Ilaria Digital School. Tous droits réservés. Education Ilaria Digital School Ilaria Digital School courses-cybersecurity@ilaria-academy.com false episodic yes 39149f2e-39dd-5304-b60c-563396413081 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/a6c34abd-d2cc-4159-a376-15f1b0ce6404/welcome-objectives-and-chapter-journey Welcome to the course 'CyberSecurity and DevSecOps Expert: Develop, Pentest, and Deploy Secure Applications'. This introductory chapter is your starting point. Before diving into technical tools, attack techniques, or secure deployment pipelines, it ... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:a6c34abd-d2cc-4159-a376-15f1b0ce6404 Tue, 24 Mar 2026 04:19:06 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/401ff9de-fe56-4301-a9f7-79df5d7e136d/essential-vocabulary-security-threat-vulnerability-risk Welcome to this first foundational lesson. Before diving into technical tools, penetration testing techniques, or secure development practices, you need to master the vocabulary that structures all of cybersecurity. These words — security, threat, vu... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:401ff9de-fe56-4301-a9f7-79df5d7e136d Tue, 24 Mar 2026 16:18:54 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/199148a4-3b3c-4cd1-aa90-e070c5815472/workshop-associate-each-term-with-a-concrete-case **Theoretical Recap** Before diving into the workshop, let's consolidate the four core vocabulary terms you encountered in the previous lesson. A **threat** is any potential event or actor that could cause harm to a system — for example, a hacker att... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:199148a4-3b3c-4cd1-aa90-e070c5815472 Wed, 25 Mar 2026 04:19:08 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/4e94ff63-d31c-4bd7-8d49-e600ee0a2fd5/the-cia-pillars-confidentiality-integrity-availability Before diving into the technical world of cybersecurity and secure application development, every professional in this field must internalize a fundamental framework: the three pillars known as the CIA triad. These three pillars are Confidentiality, ... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:4e94ff63-d31c-4bd7-8d49-e600ee0a2fd5 Thu, 26 Mar 2026 04:20:20 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/15f46b2e-1139-4bb3-97f3-581fd6a9cb77/workshop-identifying-the-cia-pillar-under-threat **Theoretical Recap** Before diving into the workshop, let's consolidate the essential framework you need. The CIA Triad is the cornerstone model of information security, composed of three pillars: Confidentiality, Integrity, and Availability. Confid... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:15f46b2e-1139-4bb3-97f3-581fd6a9cb77 Thu, 26 Mar 2026 16:19:13 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/63e946e2-25de-4819-b20d-94fd23358fd1/workshop-creating-your-own-threat-examples THEORETICAL RECAP Before diving into the workshop, let's consolidate what you have covered so far. Four core concepts form the backbone of cybersecurity thinking: security (the overall state of protection of systems and data), threat (any potential e... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:63e946e2-25de-4819-b20d-94fd23358fd1 Fri, 27 Mar 2026 13:19:32 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/1c3b5334-1597-4b84-b4c5-ce54ab465515/common-web-threats-presented-simply In the previous activities, you built a solid foundation: you mastered the core vocabulary of cybersecurity (security, threat, vulnerability, risk), and you explored the three fundamental pillars that any security approach must protect: confidentiali... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:1c3b5334-1597-4b84-b4c5-ce54ab465515 Sat, 28 Mar 2026 05:05:32 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/30e94646-ead2-4248-abc9-b53624739b32/workshop-recognize-the-threat-on-a-screenshot **Theoretical Recap** Before diving into the workshop, let's consolidate what you have covered so far. In cybersecurity, a threat is any potential event or action that could exploit a vulnerability to cause harm to an information system. A vulnerabil... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:30e94646-ead2-4248-abc9-b53624739b32 Sun, 29 Mar 2026 22:55:42 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/b08ba306-a83b-4237-9456-c9fee2e97f09/intermediate-visual-summary-mental-map-of-concepts At this stage of your learning journey, you have covered a significant amount of foundational material. You have explored the core vocabulary of cybersecurity, discovered the three pillars known as the CIA triad, and encountered the most common web t... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:b08ba306-a83b-4237-9456-c9fee2e97f09 Tue, 31 Mar 2026 03:18:56 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/f6e12f6c-318c-4adc-856f-e9d128b0ccae/introduction-to-devops-and-the-devsecops-concept Before diving into the world of security within development pipelines, it is essential to understand what DevOps is, why it was created, and how the concept of DevSecOps grew out of it. You have already explored the foundational pillars of cybersecur... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:f6e12f6c-318c-4adc-856f-e9d128b0ccae Tue, 31 Mar 2026 12:19:00 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/b9dd1c8c-9993-48d2-ac5e-db22a8944c85/workshop-visualizing-a-simplified-ci-cd-pipeline **Theoretical Recap** CI/CD stands for Continuous Integration and Continuous Delivery (or Deployment). It is the backbone of modern DevOps — and by extension, DevSecOps — workflows. Continuous Integration means that every time a developer pushes code... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:b9dd1c8c-9993-48d2-ac5e-db22a8944c85 Wed, 01 Apr 2026 03:19:00 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/a342804e-6af4-4570-853c-d41bc9317c2e/the-role-of-safety-at-every-stage-of-the-pipeline When we talk about a software delivery pipeline, we are referring to the full chain of automated steps that transforms source code written by developers into a running application available to end users. In a traditional DevOps approach, this chain i... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:a342804e-6af4-4570-853c-d41bc9317c2e Thu, 02 Apr 2026 03:19:10 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/adf4bed4-ebad-4a61-88cd-af969009f868/workshop-placing-security-checks-in-an-imaginary-pipeline THEORETICAL RECAP A CI/CD pipeline (Continuous Integration / Continuous Delivery) is the automated chain that takes source code from a developer's commit all the way to a running application in production. In a DevSecOps approach, security is not a f... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:adf4bed4-ebad-4a61-88cd-af969009f868 Thu, 02 Apr 2026 15:19:08 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/5e7155e7-4424-4cde-a243-dcd32e5abdd0/workshop-adapting-a-secure-pipeline-to-an-e-commerce-project THEORETICAL RECAP A CI/CD pipeline (Continuous Integration / Continuous Delivery) is an automated sequence of steps that takes source code from a developer's commit all the way to a production deployment. In a standard DevOps pipeline, the typical st... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:5e7155e7-4424-4cde-a243-dcd32e5abdd0 Fri, 03 Apr 2026 15:19:06 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/9d053751-b409-44d9-be35-f769da62fd72/pipeline-checkpoints-and-artifacts In the previous activities, you explored what a Continuous Integration and Continuous Delivery pipeline looks like, and you practiced placing security checks at various stages of an imaginary pipeline. You also adapted a secure pipeline to an e-comme... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:9d053751-b409-44d9-be35-f769da62fd72 Mon, 06 Apr 2026 03:19:03 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/68c61b0e-9113-47b9-b7b4-b46fdd8833fc/storyboard-incident-avoided-with-devsecops Introduction: Why a storyboard approach? Throughout the previous activities, you have explored what DevSecOps means, how a Continuous Integration and Continuous Delivery pipeline works, where security checks fit in at each stage, and how artifacts an... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:68c61b0e-9113-47b9-b7b4-b46fdd8833fc Mon, 06 Apr 2026 23:34:02 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/898f3f38-4360-4a8f-b2a6-b9a20bd06bec/mini-project-writing-a-security-oriented-user-story ## Mini-Project: Writing a Security-Oriented User Story ### Project Overview Building on your understanding of DevSecOps principles, the CI/CD pipeline, and the CIA triad, this mini-project challenges you to write a complete set of security-oriented ... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:898f3f38-4360-4a8f-b2a6-b9a20bd06bec Tue, 07 Apr 2026 15:19:06 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/abc7c514-8227-4105-ba7e-6da131ebc1a7/entry-ramp-summary-and-personal-checklist You have now completed the introductory section of this course on CyberSecurity and DevSecOps. Before moving on to more technical and specialized content, this chapter serves a double purpose: consolidating everything you have learned so far and givi... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:abc7c514-8227-4105-ba7e-6da131ebc1a7 Wed, 08 Apr 2026 15:19:21 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/d5505e4a-dfb7-489c-906f-2ed90042c71d/prepare-your-secure-test-environment-vm-accounts-browser Before performing any security test, penetration test, or vulnerability analysis, you must set up a dedicated, isolated, and controlled environment. This is not optional. Working directly on your personal machine, using your real accounts, or testing... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:d5505e4a-dfb7-489c-906f-2ed90042c71d Thu, 09 Apr 2026 03:19:21 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/206e3fd8-15af-4198-857b-aeee9c52f362/workshop-installing-and-verifying-the-lab-virtual-machine **Theoretical Recap** A virtual machine (VM) is a software emulation of a physical computer. It runs an operating system and applications in an isolated environment, completely separated from your host system. This isolation is fundamental in cyberse... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:206e3fd8-15af-4198-857b-aeee9c52f362 Thu, 09 Apr 2026 15:19:10 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/872ac228-f8a2-4640-8acd-bfc4fa32cd8f/very-high-level-introduction-to-git-as-the-foundation-of-the-pipeline Git is a version control system. That means it is a tool that tracks every change made to a set of files over time. If you write code, modify a configuration file, or update a script, Git records what changed, when it changed, and who made the change... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:872ac228-f8a2-4640-8acd-bfc4fa32cd8f Fri, 10 Apr 2026 15:19:16 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/228f4529-0e0f-498f-b314-f47f65e3f45e/workshop-first-git-manipulations-clone-commit THEORETICAL RECAP Git is a distributed version control system that tracks changes in files over time. Every project managed with Git lives inside a repository (repo), which stores the full history of modifications. Understanding a few core concepts i... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:228f4529-0e0f-498f-b314-f47f65e3f45e Mon, 13 Apr 2026 03:19:03 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/ddb6a467-6c71-4fbb-b056-963e4a5c81e0/git-and-traceability-history-at-the-service-of-security Git is far more than a simple tool for saving code. When used correctly, it becomes a genuine security instrument, allowing teams to track every change, identify the origin of a vulnerability, and respond quickly to incidents. This course builds dire... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:ddb6a467-6c71-4fbb-b056-963e4a5c81e0 Tue, 14 Apr 2026 03:19:13 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/794de7a1-bc45-4e64-8c68-3ff4685eddb7/workshop-simulating-a-committed-secret-and-correcting-it **Theoretical Recap** In the world of DevSecOps, one of the most common and dangerous mistakes a developer can make is accidentally committing a secret — a password, an API key, a database connection string, a private token — directly into a Git repo... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:794de7a1-bc45-4e64-8c68-3ff4685eddb7 Tue, 14 Apr 2026 15:19:18 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/719a74a7-0f8c-4bfb-b36d-d0be52cb77d1/secure-branch-policies-key-concepts When you work in a team on a software project, or even alone with a professional pipeline in mind, the way you organize your branches in Git is not a trivial matter. Branches are not just a convenience for parallel development: they are a critical se... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:719a74a7-0f8c-4bfb-b36d-d0be52cb77d1 Wed, 15 Apr 2026 11:21:09 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/b76723de-7e61-480e-b921-2ed2b0ed6c19/workshop-setting-up-a-basic-pre-commit-rule **Theoretical Recap** A pre-commit hook is a script that Git executes automatically before finalizing a commit. It acts as a last-line-of-defence gate: if the script exits with a non-zero code, the commit is rejected and the developer is forced to fi... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:b76723de-7e61-480e-b921-2ed2b0ed6c19 Thu, 16 Apr 2026 03:19:09 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/f54492e7-c72f-47d8-8b1c-c9e5ddc698d8/printable-memo-sheet-minimal-secure-pipeline This memo sheet is designed to consolidate everything you have learned so far into a single, clear, and actionable reference. You have already explored Git fundamentals, branch policies, pre-commit hooks, security concepts such as Confidentiality, In... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:f54492e7-c72f-47d8-8b1c-c9e5ddc698d8 Fri, 17 Apr 2026 03:19:18 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/3ade80c9-aad8-4b65-8292-2cc7159bff7e/overview-of-the-owasp-top-10 Before diving into penetration testing techniques or setting up a secure delivery pipeline, every cybersecurity practitioner must understand what they are actually protecting against. The OWASP Top 10 is the most widely recognized reference in web ap... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:3ade80c9-aad8-4b65-8292-2cc7159bff7e Fri, 17 Apr 2026 15:19:27 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/229e9463-a466-4811-9956-e466f5b8477b/workshop-mapping-the-owasp-top-10-on-the-pipeline **Theoretical Recap** The OWASP Top 10 is a regularly updated reference document listing the ten most critical web application security risks. It is not a checklist to mechanically tick off, but a risk map that helps teams prioritize where to focus t... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:229e9463-a466-4811-9956-e466f5b8477b Mon, 20 Apr 2026 03:19:04 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/53b3103b-baa6-4221-b8ce-29dd1af1d8c7/the-three-shifts-shift-left-shift-right-feedback-loop Security in software development has undergone a profound transformation over the past two decades. Traditionally, security was treated as a final checkpoint: developers would write code, assemble an application, and only at the very end would a secu... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:53b3103b-baa6-4221-b8ce-29dd1af1d8c7 Tue, 21 Apr 2026 00:19:16 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/636047de-9139-4239-bbdd-4ab168670a0a/workshop-placing-security-tests-into-an-existing-workflow **Theoretical Recap** Integrating security tests into an existing CI/CD workflow is the operational heart of DevSecOps. The core principle is simple: security checks must not be an afterthought bolted onto the end of a pipeline — they must be embedde... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:636047de-9139-4239-bbdd-4ab168670a0a Tue, 21 Apr 2026 15:19:27 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/ce1220ec-2d18-4a02-8e9a-6c017fd600a7/mini-project-create-a-yaml-mini-pipeline-with-commented-security-steps ## Project Overview This mini-project is the capstone activity of the INTRO chapter. Having covered Git security policies, pre-commit hooks, OWASP Top 10, CIA triad, Shift-Left/Shift-Right/Feedback Loop principles, and pipeline security mapping, you ... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:ce1220ec-2d18-4a02-8e9a-6c017fd600a7 Wed, 22 Apr 2026 03:19:12 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/47a27573-05be-4895-be42-b933e05ca4ed/step-by-step-guide-pre-commit-checklist A pre-commit checklist is a structured list of security and quality checks that every developer must run — or that are automatically triggered — before any piece of code is officially committed to a shared version control repository such as Git. The ... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:47a27573-05be-4895-be42-b933e05ca4ed Thu, 23 Apr 2026 03:19:03 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/a7514ffe-19ab-426a-9381-dbee4ee9aa8f/reading-a-fictional-vulnerability-report-structure-and-terminology Understanding how to read a vulnerability report is a foundational skill for anyone entering the field of cybersecurity or DevSecOps. Whether you are reviewing a report produced by a penetration tester, an automated scanning tool, or a security team,... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:a7514ffe-19ab-426a-9381-dbee4ee9aa8f Thu, 23 Apr 2026 15:19:03 +0000 full 00:15:00 https://www.ilaria-academy.com/nextjob/appsec-cybersecurity-hacker/en/9adaf497-120b-4302-bb66-548483ef7fcc/930516c4-8844-4830-bea4-8dfee3abcdc8/workshop-extracting-key-information-from-the-report **Theoretical Recap** A vulnerability report is a structured document that communicates security findings to both technical and non-technical stakeholders. Understanding how to read and extract key information from such a report is a foundational ski... Ilaria Digital School false nextjob:appsec-cybersecurity-hacker:930516c4-8844-4830-bea4-8dfee3abcdc8 Fri, 24 Apr 2026 03:19:17 +0000 full 00:15:00