Introduction to DevSecOps
Description
Many organizations are undergoing digital transformation. Adopting the cloud and iterative software development techniques within software product teams often accompanies this change.
One of the more popular methods to deliver faster iterations is DevOps — the combining of software development and IT operations into a single capability. Embedding security into DevOps isn’t achieved by installing a single vendor’s product. Instead, it requires evolving your people, technology, and processes for automated and continuous security throughout your software lifecycle.
This course will cover many DevOps processes and technologies and how to manage security risks. We will also demonstrate how to achieve higher levels of security by embracing agility in software development and how to bridge the gap between DevOps and security. It will address how to secure your cloud environment, regardless of your cloud service provider. The final modules will focus on developing your incident response process for agile environments and also on how to establish a secure DevOps program.
Duration
Takes approximately 3.5 hours to complete
Certification
Course Objectives
Learn about how security can embed and enhance DevOps processes and technology
Review common cloud technologies, their risks, and how they enable DevOps
Deep dive into continuous integration and deployment technology, and how they can deliver security value
Develop effective incident response processes for your agile and DevOps environments
Acquire knowledge to grow and measure your DevSecOps effectiveness over time
Complementary SafeStack Courses
Completing the courses listed below can help you prepare for Introduction to DevSecOps.
Security Fundamentals for Software Development, which introduces the concepts of security risk, threats, and vulnerabilities.
Threat Assessment for Software Development, which teaches the skills of effective software threat modeling.
Finding and Fixing Web Application Security Vulnerabilities (and API vulnerabilities, too), which teach you about common security vulnerabilities, many of which you may find through automated security.
Syllabus
Module 1: DevOps culture and processes
Understand how agile and DevOps have changed the software development landscape
Identify the attributes of an effective secure DevOps program
Learn how to embed security into agile and product-focused teams
Learn what the paved path concept is and how it enables security
Module 2: Cloud security
Learn about the cloud and how it enables DevOps principles
Understand the security risks that must be navigated in cloud environments
Learn how to secure administrative access to the cloud
Learn how to secure cloud workloads and data
Securing your cloud networks
Securing your cloud hosts
Securing your cloud data
Module 3: Securing source code and deployment pipelines
Learn about source code management and how it has supercharged the DevOps paradigm
Understand how to manage the risks around source code management
Learn about the risks of containers and Infrastructure-as-Code
Uncover methods to manage security risks in containers and Infrastructure-as-Code
Learn how to automate security with continuous integration and deployment technology
Understand how to apply security in peer code reviews
Module 4: DevOps defense
Learn how to embed resilience into continuous deployment processes
Understand security monitoring in a DevOps environment
Learn how to manage security incidents within DevOps
Module 5: Strategically growing DevSecOps
Learn what ideal target states look like for a secure DevOps capability
Uncover tips on how to get started with securing DevOps processes
Learn how to practice secure DevOps in hybrid environments