
DevSecOps Hands-on

DevSecOps has been described as 'security as code', 'a marriage of DevOps and Security' and 'Shifting security to the left'.

Traditional security approaches are inefficient and largely ineffective for organisations using Agile, DevOps and Cloud - as illustrated by the large number of recent data breaches.

DevSecOps is a new approach that embeds security in each DevOps team, with automated security testing at all stages of the software development lifecycle. Security infrastructure, policies, controls, compliance, audit and even secure operations are all coded and automated, with almost no manual processes.

This three-day hands-on course begins with an overview of the DevSecOps approach, framework and toolkit, then looks at application security, the elements of a secure software development lifecycle, and the use of automated application security tests as part of the continuous integration / continuous deployment pipeline.


Learning Objectives

  •   Automated application security testing integrated into the CI/CD pipeline
  •   Cloud security, infrastructure as code, unit and integration tests
  •   Containers, security issues and container security solutions
  •   Continuous compliance as code
  •   Serverless functions, architectures, automated remediation
  •   A DevSecOps model for security operations
  •   People aspects of DevSecOps

Pre-Requisites

There are no particular pre-requisites; however, delegates will benefit from any knowledge and experience of DevOps, application and infrastructure security.

This course is aimed at:

  •   Application developers, DevOps engineers, team leaders and managers wishing to improve their knowledge of security and DevSecOps
  •   Security and information risk professionals looking to develop their understanding of the DevSecOps framework and tools, coding, automation and the changes needed to ensure effective security in a DevOps culture

Course Content

DAY ONE

Introduction

  •   Introductions
  •   Objectives of course
  •   Agenda

DevSecOps Approach, Framework and Toolkit

  •   DevOps fundamentals
  •   Lab: Application Development Pipeline
  •   Why a traditional security approach doesn't work
  •   What is DevSecOps?
  •   DevSecOps approach
  •   DevSecOps framework
  •   DevSecOps toolkit

Automated Application Security Testing

  •   OWASP Top 10
  •   Secure Software Development Lifecycle
  •   Application Security Testing Tools
  •   Lab: Integrate Application Security Test to Pipeline

DAY TWO

Cloud Security and Infrastructure as Code

  •   AWS EC2
  •   Lab: AWS Infrastructure as Code
  •   AWS Security
  •   Secrets management
  •   Unit and integration tests
  •   Demo: Real life security issues in AWS

Containers

  •   Concept of containers
  •   Docker
  •   Security Issues of containers
  •   Orchestration
  •   Container security solutions
  •   Integration to CI / CD pipeline
  •   Demo: Container security testing

Continuous Compliance

  •   Continuous Compliance Framework
  •   Demo: Automated AWS security assessment
  •   Policy as code
  •   Audit as code
  •   Automated Remediation
  •   Lab: Policy as code and automated remediation in Azure

DAY THREE

Serverless

  •   Concept of serverless
  •   AWS Lambda, Azure Cloud Functions, Google Cloud Functions
  •   Serverless application architecture
  •   Security implications
  •   Integration to CI / CD pipeline
  •   Lab: serverless application in AWS

A DevSecOps model for Security Operations

  •   Why the traditional Security Operations Center is no longer effective
  •   A DevSecOps model for Security Operations
  •   Data analysis, security incident identification and analysis as code
  •   Elastic stack (formerly ELK stack)
  •   Artificial Intelligence, machine learning and data discovery tools
  •   Security Incident Response as code
  •   Red Teams and Blue Teams

People aspects of DevSecOps

  •   Culture
  •   Organisation
  •   Skills and training
  •   Security champions
  •   Recruitment
  •   Team effectiveness

Final workshop

  •   Workshop on realistic DevSecOps scenario
