Many organizations are undergoing digital transformation. Adopting the cloud and iterative software development techniques within software product teams often accompanies this change.
One of the more popular methods to deliver faster iterations is DevOps — the combining of software development and IT operations into a single capability. Embedding security into DevOps isn’t achieved by installing a single vendor’s product. Instead, it requires evolving your people, technology, and processes for automated and continuous security throughout your software lifecycle.
This course will cover many DevOps processes and technologies and how to manage security risks. We will also demonstrate how to achieve higher levels of security by embracing agility in software development and how to bridge the gap between DevOps and security. It will address how to secure your cloud environment, regardless of your cloud service provider. The final modules will focus on developing your incident response process for agile environments and also on how to establish a secure DevOps program.
- Learn about how security can embed and enhance DevOps processes and technology
- Review common cloud technologies, their risks, and how they enable DevOps
- Deep dive into continuous integration and deployment technology, and how they can deliver security value
- Develop effective incident response processes for your agile and DevOps environments
- Acquire knowledge to grow and measure your DevSecOps effectiveness over time
Complementary SafeStack Courses
Doing the courses listed below can help you get prepared for Introduction to DevSecOps.
- Security Fundamentals for Software Development, which introduces the concepts of security risk, threats, and vulnerabilities.
- Threat Assessment for Software Development, which teaches the skills of effective software threat modeling.
- Finding and Fixing Web Application Security Vulnerabilities (and API vulnerabilities, too), which teach you about common security vulnerabilities, many of which you may find through automated security.
Module 1: DevOps culture and processes
- Understand how agile and DevOps has changed the software development landscape
- Identify the attributes of an effective secure DevOps program
- Learn how to embed security into agile and product-focused teams
- Learn what the paved path concept is and how it enables security
Module 2: Cloud security
- Learn about the cloud and how it enables DevOps principals
- Understand the security risks that must be navigated in cloud environments
- Learn how to secure administrative access to the cloud
- Learn how to secure cloud workloads and data
- Securing your cloud networks
- Securing your cloud hosts
- Securing your cloud data
Module 3: Securing source code and deployment pipelines
- Learn about source code management and how it has supercharged the DevOps paradigm
- Understand how to manage the risks around source code management
- Learn about the risks of containers and Infrastructure-as-Code
- Uncover methods to manage security risks in containers Infrastructure-as-Code
- Learn how to automate security with continuous integration and deployment technology
- Understand how to apply security in peer code reviews
Module 4: DevOps defense
- Learn how to embed resilience into continuous deployment processes
- Understand security monitoring in a DevOps environment
- Learn how to manage security incidents within DevOps
Module 5: Strategically growing DevSecOps
- Learn what ideal target states look like for a secure DevOps capability
- Uncover tips on how to get started with securing DevOps processes
- Learn how to practice secure DevOps in hybrid environments