GB
/
GBP
/
EN

Shaping the future of IT skills

Maximising IT performance through learning

NotSoSecure DevSecOps - DEVSECOPS

WGAC-CSI-DEVSECOPS

NotSoSecure

Description

Show Tabs
Introduction

Two days hands-on training to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code(IaC) .DevSecOps extends DevOps by introducing security in each of these practices giving a certain level of security assurance in the final product.

In this training, we will demonstrate using our state-of-the-art DevSecOps Lab as to how to inject security in CI, CD, CM and IaC.

Prerequisites & Audience
Anybody with a background in IT or related to software development whether a developer or a manager can attend this course to get an insight about DevOps and DevSecOps.
Course Benefits
  • Understand how to tackle security issues in a fast-moving DevOps environment
  • Identify tools/solutions and develop processes to create a secure by default infrastructure
  • Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps pipeline
Course Topics

Course Objective

  • Create a security culture/mindset amongst the already integrated “DevOps” team.
  • Find and fix security bugs as early in SDLC as possible
  • Build a secure by default infrastructure
  • Build a system with continuous security monitoring

Course Details

Introduction to DevOps

  • Introduction and Lab Setup
  • Challenges with Traditional IT
  • What is DevOps?

Introduction to DevSecOps

  • Challenges for Security in DevOps
  • DevSecOps – Why, What and How?
  • Vulnerability Management

Continuous Integration

  • Pre-Commit Hooks
  • Secrets Management

Continuous Delivery

  • Software Composition Analysis (SCA)
  • Static Analysis Security Testing (SAST)
  • Dynamic Analysis Security Testing (DAST)

Infrastructure As Code

  • Vulnerability Assessment (VA)
  • Container Security (CS)
  • Compliance as Code (CaC)

Continuous Monitoring

  • Alerting and Monitoring
  • Introduction to F-ELK

DevSecOps in AWS

  • DevOps on Cloud Native AWS
  • AWS Threat Landscape
  • DevSecOps in Cloud Native AWS

DevSecOps Challenges and Enablers

  • Challenges with DevSecOps
  • Building DevSecOps Culture
  • Security Champions

NotSoSecure courses


NotSoSecure Advanced Infrastructure Hacking - AIH
CODE: WGAC-CSI-AIH
NotSoSecure The Art of Hacking - AoH
CODE: WGAC-CSI-AOH
NotSoSecure Advanced Web Hacking - AWH
CODE: WGAC-CSI-AWH
NotSoSecure Hacking and Securing Cloud Infrastructure
CODE: WGAC-CSI-HSCI
NotSoSecure AppSec for Developers - APPSEC
CODE: WGAC-CSI-APPSEC
NotSoSecure DevSecOps - DEVSECOPS
CODE: WGAC-CSI-DEVSECOPS
NotSoSecure Hacking 101
CODE: WGAC-CSI-HACKING101
Webinar Hacking and Securing Cloud Infrastructure : The Anatomy of a Cloud Hack
CODE: WGAC-CSI-HSCI-WEBINAR
Webinar Basic Infrastructure Hacking : Through an Attacker's Eyes: Your Infrastructure
CODE: WGAC-CSI-BIH-WEBINAR
Webinar Basic Web Hacking : Through an Attacker's Eyes: Your Web Applications
CODE: WGAC-CSI-BWH-WEBINAR
We use cookies to understand how you use our site and to improve your experience. To learn more, click here. Read our revised Privacy Policy and Terms and Conditions.