DevSecOps

• An understanding of the DevOps process

Audience

• DevOps professionals

DevOps is the collaboration of IT operations and software development in the service lifecycle. DevSecOps is the implementation of security practices within the DevOps process. DevSecOps is a practice used for securing and evolving consistently-changing systems at scale.

This instructor-led, live training (online or onsite) is aimed at DevOps professionals who wish to secure the DevOps process with DevSecOps programs.

By the end of this training, participants will be able to:

• Understand how a DevSecOps program can integrate security into a software development pipeline.
• Build a secure continuous delivery pipeline.
• Automate security testing for a software delivery workflow.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Day 01

Introduction

DevSecOps at a Glance

• CI (Continuous Integration) and CD (Continuous Delivery)
• Shifting security to the left, the DevOps way

DevSecOps Method Theories

• Security for DevOps technologies
• When and how security interacts with the application and the development lifecycle
• Shared ownership of security responsibilities and activities

Day 02

DevSecOps with Jenkins

• Creating an agent
• Creating a pipeline job
• Using SYNK and SonarQube for SAST security scanning
• Using Arachini and OWASP-ZAP for DAST security scanning
• Using Anchore and Aqua MicroScanner for image security scanning
• Developing a DevSecOps pipeline
• Enabling CI and CD

Security Automation

• Automating security testing with Gaunit
• Running an automated attack

Application Security Automation

• Automating and refactoring XSS attack
• Automating SQLi attack
• Automating a fuzzer
• Testing security in software delivery pipelines

Summary and Next Steps