API Security
In the World of DevSecOps
API Security Meets DevSecOps—From Culture to Code
This course bridges the gap between DevSecOps principles and real-world API security. Explore what DevSecOps really means, how it evolves from DevOps, and why API security must be built in—not bolted on. Ideal for teams embracing secure development from planning to production.
(Earn 2 CPEs)
Add course to library
Course Topics
Introduction to API Security in DevSecOps
Learn the basics of DevSecOps and API security, why they matter, and what’s at stake. This intro sets the stage for understanding secure development in a fast-paced, threat-filled world.
What are the Stakes?
Discover the real-world risks of insecure APIs and DevOps practices. Learn how cyber threats, from nation-states to ransomware, target vulnerabilities—and why security must be built in from the start.
DevOps
Explore how DevOps enables fast, reliable software delivery through continuous integration and feedback. Learn key principles from The Phoenix Project and how code flows in a DevOps factory model.
DevSecOps
Learn how security integrates across the DevSecOps lifecycle. Explore software factory models, core principles, governance, and how to embed security at every stage from planning to monitoring.
People
Explore the human side of DevSecOps—breaking down silos, aligning incentives, building collaboration, and investing in training to create a high-trust culture that supports secure software delivery.
Conclusion
Wrap up with key takeaways on API security and DevSecOps. Understand the stakes, review core concepts, and prepare for deep dives into secure development and API protection in future modules.
Scott Bly, CISSP & CISM
“In a DevSecOps world, APIs are the new attack surface—securing them isn’t optional, it’s foundational.”
Meet the Instructor
Scott Bly
Scott Bly is a seasoned cybersecurity professional specializing in API security within DevSecOps environments. With a strong background in application security and a passion for educating others, Bly brings real-world experience to the classroom, helping students bridge the gap between development and security. In this course, he emphasize integrating security seamlessly into the software development lifecycle, ensuring that security considerations are an integral part of the development process.
Bly's commitment to fostering a security-first mindset in development teams makes him a valuable resource for professionals aiming to enhance their API security posture.
Earn your APIsec University Certificate
Earn an APIsec University certificate and badge for completing any of our courses.
Post your badge on LinkedIn and share your accomplishments. You can even receive CPE credits for taking these courses.
