NotSoSecure DevSecOps - DEVSECOPS
WGAC-CSI-DEVSECOPS
Description
Two days of hands-on training on automating security into a fast-paced DevOps environment using various open-source tools and scripts.
Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such as Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code (IaC). DevSecOps extends DevOps by introducing security into each of these practices, giving a certain level of security assurance in the final product.
In this training, we will demonstrate, using our state-of-the-art DevSecOps Lab, how to inject security into CI, CD, CM and IaC.
- Understand how to tackle security issues in a fast-moving DevOps environment
- Identify tools/solutions and develop processes to create a secure by default infrastructure
- Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps pipeline
Course Objective
- Create a security culture/mindset amongst the already integrated “DevOps” team.
- Find and fix security bugs as early in the SDLC as possible
- Build a secure by default infrastructure
- Build a system with continuous security monitoring
Course Details
Introduction to DevOps
- Introduction and Lab Setup
- Challenges with Traditional IT
- What is DevOps?
Introduction to DevSecOps
- Challenges for Security in DevOps
- DevSecOps – Why, What and How?
- Vulnerability Management
Continuous Integration
- Pre-Commit Hooks
- Secrets Management
Continuous Delivery
- Software Composition Analysis (SCA)
- Static Analysis Security Testing (SAST)
- Dynamic Analysis Security Testing (DAST)
Infrastructure As Code
- Vulnerability Assessment (VA)
- Container Security (CS)
- Compliance as Code (CaC)
Continuous Monitoring
- Alerting and Monitoring
- Introduction to F-ELK
DevSecOps in AWS
- DevOps on Cloud Native AWS
- AWS Threat Landscape
- DevSecOps in Cloud Native AWS
DevSecOps Challenges and Enablers
- Challenges with DevSecOps
- Building DevSecOps Culture
- Security Champions