DevSecOps

NEW
2 Days

 

One Day hands-on training to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code(IaC) .DevSecOps extends DevOps by introducing security in each of these practices giving a certain level of security assurance in the final product. In this training, we will demonstrate using our state-of-the-art DevSecOps Lab as to how to inject security in CI, CD, CM and IaC.

Class Overview

This is a complete hands-on training with attendees requiring only a browser to complete the entire training. Attendees will receive the DevSecOps Lab built using Vagrant and Ansible comprising of various open-source tools and scripts to help the DevOps engineers in automating security within their CI/CD pipeline.

The attendees will receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline.

A Short preview of our course is available for viewing here

Class Details

Course Objective

  • Create a security culture/mindset amongst the already integrated “DevOps” team.
  • Find and fix security bugs as early in SDLC as possible
  • Build a secure by default infrastructure
  • Build a system with continuous security monitoring

 

Key Takeaways

  • Understand how to tackle security issues in a fast-moving DevOps environment

  • Identify tools/solutions and develop processes to create a secure by default infrastructure

  • Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps pipeline

 

Additional Information

We delivered this training for Virtual OWASP AppSec Days Conference on 28-29th April 2020 with 30 attendees

The training received an overwhelming response at the OWASP AppSec DC event in September 2019 with around 63 registrations. https://globalappsecdc2019.sched.com/event/SKIC

As well as at the below conferences https://agiledevopseast.techwell.com/program/tutorials/ devsecops-automating-security-devops-agile-devops-east-2019

Introduction to DevOps

  • Introduction and Lab Setup
  • Challenges with Traditional IT
  • What is DevOps?

Introduction to DevSecOps

  • Challenges for Security in DevOps
  • DevSecOps – Why, What and How?
  • Vulnerability Management

Continuous Integration

  • Pre-Commit Hooks
  • Secrets Management

Continuous Delivery

  • Software Composition Analysis (SCA)
  • Static Analysis Security Testing (SAST)
  • Dynamic Analysis Security Testing (DAST)

Infrastructure As Code

  • Vulnerability Assessment (VA)
  • Container Security (CS)
  • Compliance as Code (CaC)

Continuous Monitoring

  • Alerting and Monitoring
  • Introduction to F-ELK

DevSecOps in AWS

  • DevOps on Cloud Native AWS
  • AWS Threat Landscape
  • DevSecOps in Cloud Native AWS

DevSecOps Challenges and Enablers

  • Challenges with DevSecOps
  • Building DevSecOps Culture
  • Security Champions

Prerequisites

Who Should Take This Class?

DevOps engineers, security and solutions architects, system administrators will also strongly benefit from this course as it’ll give them a holistic approach towards application security.

Student Requirements

Anybody with a background in IT or related to software development whether a developer or a manager can attend this course to get an insight about DevOps and DevSecOps.

Any device having a browser.

How to book




    What courses are you interested in?



    Delivery:

    Also Available from our partners below

    UK and Virtual

    Visit

    Global / Remote

    Visit

    Training Events

    DevSec

    DevSec

    4th February 2021

    FREE Webinar

    FREE REGISTRATION
    DevSecOps

    DevSecOps

    10th-11th February 2021

    Live Online Training

    Register
    DevSecOps

    DevSecOps

    7th-8th April 2021

    Live Online Training

    Register
    DevSecOps

    DevSecOps

    8th-9th April 2021

    Live Online Training

    Register
    DevSecOps

    DevSecOps

    21st September 2021

    FREE Webinar

    FREE REGISTRATION
    DevSecOps

    DevSecOps

    11th-12th October 2021

    Live Online Training

    Register
    DevSecOps

    DevSecOps

    25th-26th October 2021

    Live Online Training

    Register

    Hacking Training Classes

    Lab-Based Training - Written by BlackHat Trainers - Available Globally

    NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

    Download the Hacking Classes Brochure

    NotSoSecure Training Journey:

    Beginner Friendly

    Hacking 101

    The Art of Hacking

    2020 Edition

    The Art of Hacking

    =
    2020 Edition

    Infrastructure Hacking

    +
    2020 Edition

    Web Hacking

    Specialist Offensive Classes

    2020 Edition

    Advanced Infrastructure Hacking

    2020 Edition

    Advanced Web Hacking

    NEW

    Hacking and Securing Cloud Infrastructure

    Specialist Defence Classes

    2020 Edition

    AppSec for Developers

    NEW

    DevSecOps

    NEW

    AppSecOps