This 2-day intermediate course to automate security into a fast-paced DevOps environment using various open-source tools and scripts.
The course is available directly from Claranet Cyber Security or you can book through one of our partners. The course is now available as live, online training and can be delivered for you individually or for your company. Contact us below with your requirements.
Attendees will be able to:
- Create a security culture/mindset amongst the already integrated “DevOps” team
- Find and fix low hanging fruits like SQL Injection, XSS and insecure libraries and dependencies as early in SDLC as possible by injecting security in CI/CD
- Build a system with continuous security monitoring
- The delegates will receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline
- Pre-requisites & Audience
- PDF Download
Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code(IaC) .DevSecOps extends DevOps by introducing security in each of these practices giving a certain level of security assurance in the final product. In this course, we will demonstrate using our state-of-the-art DevSecOps Lab as to how to inject security in CI, CD, CM and IaC.
As part of this course delegates will receive the DevSecOps Lab built using Vagrant and Ansible comprising of various open-source tools and scripts to help the DevOps engineers in automating security within their CI/CD pipeline. While the workshop uses Java/J2EE technology stack, the workshop is language agnostic and similar tools can be used against other application development frameworks.
A Short preview of our course is available for viewing here https://www.youtube.com/watch?v=_iGCZ4NPDqY
Introduction to DevOps
- Introduction and Lab Setup
- Challenges with Traditional IT
- What is DevOps?
Introduction to DevSecOps
- Challenges for Security in DevOps
- DevSecOps – Why, What and How?
- Vulnerability Management
- Pre-Commit Hooks
- Secrets Management
- Software Composition Analysis (SCA)
- Static Analysis Security Testing (SAST)
- Dynamic Analysis Security Testing (DAST)
Infrastructure as Code
- Vulnerability Assessment (VA)
- Container Security (CS)
- Compliance as Code (CaC)
- Alerting and Monitoring
- Introduction to F-ELK
DevSecOps in AWS
- DevOps on Cloud Native AWS
- AWS Threat Landscape
- DevSecOps in Cloud Native AWS
DevSecOps Challenges and Enablers
- Challenges with DevSecOps
- Building DevSecOps Culture
- Security Champions
Who should attend
DevOps engineers, security and solutions architects, system administrators will also strongly benefit from this course as it’ll give them a holistic approach towards application security
Anybody with a background in IT or related to software development whether a developer or a manager can attend this course to get an insight about DevOps and DevSecOps.
Delegates should bring a laptop with minimum 12 GB RAM and 40 GB of extra space and have administrator privileges
Other courses to further your knowledge
Lab-based training - written by Black Hat trainers.
These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.
Enquire about your training
We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.