Course Description:

DevSecOps Basic training covers the security of automated deployments and CI/CD pipelines, including recommended best practices for securing each pipeline component.

In this course you will learn why and how to integrate Security into your DevOps Process and the recommended tools and techniques for every phase. You will learn what it means to inject security into CD and secure your CD pipeline using SAST, DAST, and Security as Code. You will be able to identify security issues using inspec and remediate then using dev sec hardening framework.

What will you learn:

After completing this course, students will have a firm understanding of DevSecOps processes, tools, and techniques. They will also know the major components in a DevOps Pipeline, how to create and maintain DevSecOps pipelines using SAST, DAST, and Security as Code.

Target audience:

• people working with automated deployments and CI/CD pipelines, wishing to better understand and enhance the security of their environment
• Jenkins users and administrators interested in expending Jenkins knowledge
• Beginner and intermediate Developers
• QA Engineers
• Build and Release Engineers
• Technical Project Managers
• DevOps Engineers

Prerequisites:

• strong grasp of container basics (recommended training: Docker Basic)
• working knowledge of automated builds and CI/CD pipelines (recommended training: Jenkins Basics)

Curriculum: 

Module 01: Introduction to DevOps 

• What is DevOps?
• DevOps Culture
• DevOps Tools
• Continuous Integration
• Continuous Delivery
• Continuous Deployment

Module 02: Case Studies on DevOps 

• A demo company’s transition to DevOps walkthrough

Module 03: Working in DevOps 

• Introduction to Git
• GitLab
• Circle CI
• Docker concepts overview
• Docker security overview

Module 04: Security Challenges in DevOps 

• Major security challenges explained

Module 05: Building a CD Pipeline 

• What is a Pipeline?
• What is a CI CD Pipeline?
• What is Jenkins and how it works
• Create Pipeline jobs

Module06: DevOps Deployment Data 

• Integrating Security into your DevOps Processes
• Shifting Left
• How to do DevSecOps?
• DevSecOps Phases
• DevSecOps Pipeline
• DevSecOps Tools

Module 07: Secure Continuous Delivery 

• Injecting Security into Continuous Delivery
• Secure Code in Continuous Delivery
• Code Review in Continuous Delivery
• Securing your Continuous Delivery Pipeline

Module 08: Security in Pre-Commit 

• Pre-Commit Phase explained
• Security Tools used in Pre-commit phase

Module 09: Security in Commit 

• Commit Phase explained
• Security Tools used in Commit phase

Module 10: Security in Acceptance 

• Acceptance Phase explained
• Security tools used in Acceptance phase

Module 11: Secure Configuration Management Using Infrastructure as Code 

• Secure Configuration Management explained
• DevSec Hardening Framework

Module 12: Securing Configuration Management and Continuous Integration/Continuous Delivery Pipelines 

Additional details:

To attend this course, you need to have:

• PC/Laptop with internet access
• Updated web browser

Join our online sessions at Kubernauts Worldwide Meetup and enjoy free trainings and great presentations from the kommunity!

Join our online sessions at Kubernauts Worldwide Meetup and enjoy free trainings and great presentations from the kommunity!