
This video provides an overview of the entire course.
In this video, understand DevOps and the steps you need to take to excel in the adoption of DevOps in your organization.
Highlight the shortcomings of Agile methodology
Learn how DevOps overcomes the shortcomings of Agile methodology
What is DevOps? What needs to do to excel at DevOps?
This video will give you an overview of new roles made when SDLC moved to the DevOps domain.
Learn about the new roles working (in coordination) in DevOps
Learn about the responsibilities of these roles
New DevOps Roles
In this video, learn about the first three major practices of continuous integration, configuration management and continuous delivery.
Learn about the major practices of DevOps and their working domain
Get an overview of DevOps tools/practices in the DevOps Lifecycle
DevOps lifecycle: Continuous Integration, Configuration Management and Continuous Delivery
In this video, learn about the three major practices of continuous monitoring, testing, and deployment.
Learn about the major practices of DevOps and their working domain
Get an overview of DevOps tools/practices in the DevOps Lifecycle
DevOps lifecycle: Continuous Monitoring, Testing and Deployment
In this video learn about software configuration management tools (Git).
Get an overview of version control
Get an overview of GitHub and GitHub account
Get an overview Git operations and flow
This video will give you an overview of vagrant: lightweight, reproducible, and portable development environments.
Get an overview of vagrant and install vagrant
Get an overview of operations
Get an overview of provisioning
In this video learn about the first three major practices of continuous integration, configuration management and continuous delivery.
Get an introduction to Docker
Learn about installation and usage
Understand role of Docker in devops
In this video learn about the first three major practices of continuous monitoring, testing and deployment.
Get an introduction to Docker networking
Learn about the basic networking
Learn about Docker overlay networks using swarm
This video will give you an overview of use cases.
Understand configuration files
Run the microservices as Docker containers
In this video understand the configuration management tools with chef, puppet and Ansible.
Learn about Ansible as cm tool
Learn about chef as cm tool
Learn about puppet as cm tool
This video will give you an overview of Ansible: provisioning, configuration management, and application deployment tool.
Learn about use cases of Ansible and provisioning
Learn about configuration management
Learn about application deployment
In this video learn about the Jenkins: continuous integration and continuous delivery.
Install of Jenkins
Get an introduction to continuous integration using Jenkins
Get an introduction to continuous delivery using Jenkins
In this video learn how to configure Jenkins with Git.
Walk through a sample example
Integrate Git and Jenkins
This video will give you an overview of how to manage containerized workloads and services.
Get an introduction to Kubernetes
Understand Kubernetes architecture
Get an hands-on: running Kubernetes locally
In this video you will learn about DevOps monitoring solutions using Monit and Nagios.
Get an introduction to monitoring
Learn about Monit: monitoring system
Learn about Nagios: monitoring system
This video will give you an overview of setup and configure Nagios.
Download and install Nagios
Setup and configure Nagios
This video will give you an overview of setup and configure Nagios.
Download and install Nagios
Setup and configure Nagios
In this video, you will look at some of the best practices. You will take a deep dive into these best practices.
Learn about the different practices in the DevOps lifecycle
This video will give you an overview of best practices of security on DevOps.
Study security in DevOps
Look at the DevSecOps model
Learn the best security practices in DevOps
In this video, you will learn about the tools used for security check.
Study the security and pre-commit security tools
Learn about some continuous integration security tools
Study the operations security tools
This video will give you an overview about the course.
The traditional techniques of security verification are simply not adequate for this new paradigm. In this video you will see how digitalization and adoption of agile and DevOps practices has changed the way we create software.
Deliver incremental software quickly
Explore adoption of DevOps practices
Learn the advantages of adopting DevOps practices
This video will give you a glimpse of severity of cyberattacks and you’ll see how to manage security risks in a rapidly changing world by adoption of DevOps principles.
Learn about the continuous security assessment for making safe and secure software
Embed security checks and verifications at different points of DevOps pipeline
Fail fast, through automation and security integrating with development tools
In this video you will see the basic principles to be followed for a successful DevOps adoption. You will also see the benefits accrued out of it.
Add robust security methods to traditional DevOps practices from day 1
Learn the “Secure by Design" principle along with code review and security testing
Learn about cost reduction by detecting and fixing security issues early
In this video you will see the strategy for transformation from DevOps to DevSecOps.
Explore the team approaches to handle security challenges
Address all the three areas of People, Process and Technology
In this video you will get to see the awesome work being done by OWASP around security.
Obtain unbiased, practical information about application security
Explore the OWASP resources and community
Explore the OWASP top 10 vulnerabilities
In this video you will see how digitalization and adoption of agile and DevOps practices has changed the way we create software. The traditional techniques of Security verification are simply not adequate for this new paradigm.
Explore Shift-Left Security checks and verifications
Learn about AppSec Pipelines
Know more about consistent processes
This video covers the best practices for automating different types of security tests.
Know that application security solutions need to evolve with changing times
Learn about the application security need that has been intensified with increasing risks
Build a comprehensive automated security testing strategy
This video showcases the various tools which are available for performing different types of security tests and scans.
Choose appropriate tools from different open source and commercial options
Explore the tools introduced by OWASP
In this video you will see the importance of Red and Blue teams, which are two distinct teams of security professionals who are all working for the betterment of the company, but doing it in opposing ways.
Approach to test resilience against any attack
Learn the two-pronged strategy to attack and defend
Perform an exercise to provide opportunity to challenge organization’s defenses realistically
In this video you will see how proper planning is quite crucial to address security requirements.
Define proper functional and non-functional requirements.
Take the first step which is to identify all the risks
Explore the security user stories for various stakeholders - User, Admin, Business Owner
In this video you will see how to take care of security principles during design and architecture phase.
Get to think about security from architecture phase
Identify the core pillars of secure architecture - Confidentiality, Integrity, Availability
Follow best practices for a secure architecture
This video shows how to apply the techniques of threat modelling, data flow diagrams and attack surface to build a secure and robust design. This would lay the foundation of a secure software.
Identify the important assets and protect them
Learn the iterative process from design and throughout the application life-cycle
Learn about STRIDE model
This video explores the importance of proper Identity and access management to allow only authorized users to access the system and resources.
Create, maintain, and use digital identities
Learn the major steps for inventory management– Define, Map, Assign
Manage identity and access across different phases – Discover, Harvest, Refine.
This video demonstrates the significance of performing code reviews in order to discover vulnerabilities and security related weaknesses.
Augment standard code review practice with security considerations
Secure code reviews look for software weakness early on
Check for areas more prone to weaknesses
The aim of this video is to learn about the security hardening.
Explore the importance of hardening
Study the hardening lifecycle
Take a look at the different automation tools
In this video you will see how Static Application Security Testing helps in finding vulnerabilities earlier in the development cycle.
Analyze software during coding and unit testing phase
Scan source code and look in binaries and configuration files
Judiciously chose static analysis tools to perform static application testing
In this video you will see how to perform Static Application Security Testing by embedding SonarQube into CI/CD pipeline.
Demonstrate static analysis testing
Explore the use of WebGoat, a deliberate vulnerable application
Learn about SonarCloud
This video explorers how Dynamic Application Security Testing helps in finding vulnerabilities on a running application.
Analyze running application for weaknesses
Learn about black-box testing where attacks are performed on running application
Judiciously chose dynamic analysis tools to perform dynamic application testing
In this video you will see how to perform Dynamic Application Security Testing by embedding Zed Attack Proxy into CI/CD pipeline.
Demonstrate dynamic analysis testing
Explore the use of WebGoat, a deliberate vulnerable application
Know more about ZAP
This video showcases newer techniques of performing Security Analysis Testing.
Instrument code for performing novel security testing and protection
Use IAST to detect vulnerabilities in a running application
Use RASP to prevent vulnerabilities from being exploited
In this video you will see how to audit the open-source components being used in any application.
Make sure that the safe and secure open-source components are being used
Track usage of OSS components
Set up policies around vulnerability management and license compliance
In this video you will see how configuration of infrastructure should be secured.
Identify and mitigate risks to infrastructure configuration
Follow best practices - Isolation, Firewall and Identity based access
Use Docker container for a safe and secure environment
In this video you will see how key management and identity management provides safe access to your applications.
Explore management of encryption keys through their entire lifecycle
Use KMS to provide organization exclusive custody of encryption keys
Use identity management to control user information
In this video you will see how companies like Netflix continuously test their production environment with various kinds of chaos. You will also see how fuzz testing can be used to expose system vulnerabilities against malicious input.
Provide seamless service in distributed / cloud computing environment
Simulate production environment with various failure scenarios
Learn about the fuzzing technique
In this video you will see how a system should be monitored for security related incidents.
Leverage both security information and event management
Monitor for violations and assign distinct categories
Know what the judiciously chosen metrics provide
In this video you will see the benefits of good Governance practices and regular audits.
Manage organization's overall governance, risk management and compliance with regulations
Track metrics across application security process, risk and SDLC
Learn more about regular audits
In this video you will see how to respond to security incidents and perform digital forensics to contain the impact and prevent future incidents.
Learn about having a proper incident response emergency plan
Aim to prevent incidents by identifying trends in the adversary community
Learn that Proper Incident Response minimizes losses and mitigates the exploited weakness
If continuous security in development lifecycle like configuration checks, code analysis, vulnerability scanning etc. is not adequately automated then it leads to increased security violations and hacking/phishing attacks. DevOps enables rapid application development and follows a traditional way of performing security checks. It helps an organization deploy software while maintaining service stability. If you’re looking to protect your organization with the collaboration of DevOps and security then is the perfect Course for you!
This comprehensive 2-in-1 course takes a step-by-step practical approach to protect your organization with the collaboration of DevOps and security using DevOps tools and technology framework. You’ll initially implement a complete DevOps cycle with use cases as well as implement DevOps using a Docker container. You’ll explore continuous integration tools and different configuration management tools using Chef, puppet, and Ansible. Moving further, you’ll create automatic compliance by using the DevOps Audit Defense Toolkit. Finally, you’ll build a continuous feedback loop by automating all security checks throughout the Continuous Delivery pipeline.
Towards the end of this course, you'll protect your organization with the collaboration of DevOps and security using DevOps tools and technology framework.
Contents and Overview
This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Professional DevOps, covers DevOps tools and technology frameworks to implement DevOps for your organization. This course helps you implement a complete DevOps cycle in your existing IT environment. Each section of this course will help you implement the DevOps culture in your professional environment. With the help of source control, continuous build, continuous integration, automated test with quality controls, and container technologies, this course will be your perfect guide to learn and apply DevOps in your organization. By the end of this course, you’ll be able to identify and choose the appropriate tools and technology framework to implement DevOps in your organization.
The second course, Practical DevOps Security, covers protecting your organization with the collaboration of DevOps and security. This course shows you how to apply DevOps security best practices at every stage in your DevOps pipeline. You will learn proven approaches to reducing vulnerability and strengthening your defenses against attack. You will understand using security as code with the intent of making security and compliance consumable as a service. This course explains how DevOps security practices differ from traditional security approaches and provide techniques to embed governance and cybersecurity functions throughout the DevOps workflow. By the end of the course, you will have learned best practices in DevSecOps, the core concepts of secure DevOps, and how security can be integrated into the development pipeline.
Towards the end of this course, you'll protect your organization with the collaboration of DevOps and security using DevOps tools and technology framework.
About the Authors
● Umar Murtaza has more than 25 years’ experience of System Administration in implementing, commissioning development, testing, and production environments. He has designed and implemented a number of DevOps environments, conducted 4- day hands-on DevOps training sessions at a number of private and government telecommunications and software companies/institutions.
● Gurpreet Sachdeva is a Technology Executive with 21+ years' experience working on some of the most challenging technologies related to Cloud Computing, DevOps, and Security. Gurpreet did his B. Tech (C.S.) from NIT, Kurukshetra, and M.S. (Software Systems) from BITS, Pilani. He is currently working as Assistant Vice President—Technology with Aricent, Gurgaon. He is a keen Java enthusiast and co-founder of Delhi – NCR – Java User Group. Gurpreet is an invited speaker in prestigious conferences such as Oracle – Java One, Great India Developer Summit.