The course is designed to teach practical steps on how to integrate security programs into DevOps practices and highlights how professionals can use data and security science as the primary means of protecting the organization and customer.
DevSecOps aims to maximize the predictability, efficiency, security, and maintainability of operational processes. To implement DevOps successfully in an organization, it is necessary to address people, process, and technology. Embedding security into the DevOps processes is referred to as DevSecOps.
DevOps addresses the business need to rapidly deliver products and release code in order to satisfy customer demands, so it is important that security works in tandem with Agile and DevOps processes. Just as DevOps addresses the traditional silos between Development and Operations, DevSecOps seeks to address the silos between Dev, Ops and Security teams. Automated application security further reduces friction and removes bottlenecks in the CI/CD cycle.
As companies are pushing code faster and more often than ever, the rate of vulnerabilities in our systems is accelerating. As we are being asked to do more with less, DevOps has shown immense value to the business, and security is an integral component that needs to be integrated into the strategy.
Topics covered in the course include how DevSecOps provides the business value of DevOps and the ability DevOps has to enable the business and support an organizational transformation, with the ultimate goal of increasing productivity, reducing risk, and optimizing cost in the organization.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
The core comparison between DevSecOps and DevOps looks at the definition of the security framework and explains the ‘why’ and ‘how’.
By the end of the module, students will be acquainted with the DevSecOps security mindset, along with its principles and concepts.
We will also provide students with an introduction to business transformation and the importance of scaling through automation.
- OWASP Top 10 & OWASP ASVS
- Agile Methodology
- DevOps Culture & Principles
- Overview of DevOps Tools
- DevOps CI/CD Pipelining
- DevOps Deployment Pipeline
- Deployment Kata
- Security & Compliance Challenges in DevOps
- Speed – The Velocity of Delivery
- Principle of YAGNI
- Eliminating Waste & Delays
- Downsides of Microservices
- Segregation of Duties in DevOps
- Change Control Management
- Case Study on DevOps
- OWASP Controls
- Security as a Self-Service
- Using Infrastructure as Code
- The ‘Honeymoon’ Effect
- CD Security Workflow
- Secure Design in DevOps
- Threat Modelling in DevOps
- Securing the Software Supply Chain
- OWASP Dependency Check
- Bundler Audit for Ruby
- Safe NuGet for NuGet Libraries
- Nexus Lifecycle
- Secure Coding in CD
- Static Analysis in CD
- Automated Dynamic Analysis in CD
- Vulnerability Management in DevOps
- In this module, we will discuss some further practices used to increase security within the operations environment and how to scale DevSecOps practices across an enterprise.
- We will talk about basic security considerations, vulnerability and patch management, and the importance of pre-secured environments to the shift-left mindset.
- We will also reinforce the necessity of cultural transformation, moving away from internal competition and siloed thinking in order to build cooperative teams.
This module explains the importance of governance, risk management and compliance, as well as their related security principles and concepts.
We’ll discuss what GRC means in a DevOps context and why we should apply the shift-left mindset to audit and compliance.
Students will also gain an insight into policy as code, and together we’ll debunk some myths about separation of duties.
By the end of this module, students will be able to describe the key concepts that underlie GRC and audit in DevSecOps and demonstrate an understanding of how to apply the main GRC considerations in practice.
- We will explore the benefits of SIEM with log management and possible approaches to incident response.
- Cloud security solutions, container security, Docker security and OpenShift security will be discussed in depth.
- We will also go through the concepts of threat intelligence integration and info sharing.
Who should attend this training?
IT managers, directors, and corporate stakeholders seeking a greater understanding of the DevSecOps methodology.
Why should I take this training?
Security is one of the biggest topics in the DevOps community right now. Getting practical knowledge in DevSecOps can really make a candidate stand out.
The course offers interactive practicals and instructor-led sessions with experienced subject matter experts.
What is the total duration of this training?
It’s an instructor-led online training, and the total duration of the training is 40 hours.