Training Course UK: DevSecOps

Provided by

About the course

Two Days hands-on training to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code(IaC) .DevSecOps extends DevOps by introducing security in each of these practices giving a certain level of security assurance in the final product. In this training, we will demonstrate using our state-of-the-art DevSecOps Lab as to how to inject security in CI, CD, CM and IaC.

Class Overview
This is a complete hands-on training with attendees requiring only a browser to complete the entire training. Attendees will receive the DevSecOps Lab built using Vagrant and Ansible comprising of various open-source tools and scripts to help the DevOps engineers in automating security within their CI/CD pipeline.

The attendees will receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline.

Class Details
Course Objective

  • Create a security culture/mindset amongst the already integrated “DevOps” team.
  • Find and fix security bugs as early in SDLC as possible
  • Build a secure by default infrastructure
  • Build a system with continuous security monitoring

Key Takeaways

  • Understand how to tackle security issues in a fast-moving DevOps environment
  • Identify tools/solutions and develop processes to create a secure by default infrastructure
  • Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps pipeline

Additional Information
The training received an overwhelming response at the OWASP AppSec DC event in September 2019 with around 63 registrations.

As well as at the below conferences devsecops-automating-security-devops-agile-devops-east-2019

Introduction to DevOps
Introduction and Lab Setup
Challenges with Traditional IT
What is DevOps?

Introduction to DevSecOps
Challenges for Security in DevOps
DevSecOps – Why, What and How?
Vulnerability Management

Continuous Integration
Pre-Commit Hooks
Secrets Management

Continuous Delivery
Software Composition Analysis (SCA)
Static Analysis Security Testing (SAST)
Dynamic Analysis Security Testing (DAST)

Infrastructure As Code
Vulnerability Assessment (VA)
Container Security (CS)
Compliance as Code (CaC)

Continuous Monitoring
Alerting and Monitoring
Introduction to F-ELK

DevSecOps in AWS
DevOps on Cloud Native AWS
AWS Threat Landscape
DevSecOps in Cloud Native AWS

DevSecOps Challenges and Enablers
Challenges with DevSecOps
Building DevSecOps Culture
Security Champions

Who Should Take This Class?

DevOps engineers, security and solutions architects, system administrators will also strongly benefit from this course as it’ll give them a holistic approach towards application security.

Student Requirements
Anybody with a background in IT or related to software development whether a developer or a manager can attend this course to get an insight about DevOps and DevSecOps.

Any device having a browser.

Related article

Join our cyber security training courses this spring!