DevSecOps Fundamentals - Including Hands-On Demos
What you'll learn
- DevSecOps tooling e.g. SAST, DAST, SCA explained
- How to add security testing to pipelines - turn a DevOps pipeline into a DevSecOps pipeline
- Key security principles explained such as defence in depth and least privilege
- YAML explained and how to use it in CI/CD pipelines
- What is OWASP and key OWASP projects explained such as OWASP Top 10 and ASVS
- Other key security related organisations and projects such as CISA, CVEs and CIS benchmarks
- Linux security fundamentals explained
- What you need to focus on to enable security testing in CI/CD pipelines
- Docker explained. How to use, build and secure Docker containers
- Kubernetes (k8s) explained. How to use and secure your Kubernetes cluster
- Terraform explained. How to use and secure your Terraform code
- How to secure your third party dependencies (and what they are)
- Jenkins explained. How to use and secure your Jenkins instances
- And much more e.g. how to secure TLS, SSH, HTTP headers and more!
- An IT background for the majority of students would be a prerequisite. This is because DevSecOps is an advanced IT topic, and it would be difficult to jump into such topics without existing IT knowledge. However, please note no security knowledge is required. Security fundamentals will be covered in this course.
This course will cover everything you need know to get started and be successful in DevSecOps. The course is made up of hands-on demos / walkthroughs, quizzes and presentations. The course also includes downloadable source code and links to all of the tools and sites mentioned so you can use on your local environment and follow along at your own pace. Key topics covered are:
What DevSecOps is and how to get started.
Explanations, hands-on demos and walkthroughs of important tools such as SAST, DAST and SCA.
Turn a DevOps pipeline into a DevSecOps pipeline (GitLab YAML pipelines examples with YAML provided).
Explanation of penetration testing and vulnerability assessments and how they align with DevSecOps.
Key security principles explained such as CIA triad, defence in depth and least privilege.
Key security organisations such as OWASP, CIS, and CISA.
Key security projects such as OWASP Top 10 2021, OWASP ZAP, OWASP ASVS, CVE's, CVSS.
As part of this, common web application security issues will also be covered.
Linux security fundamentals covering topics such as sudo, SSH, file permissions, updates and more.
Docker explained, hands-on demos including how to build your own containers and recommendations to ensure they are running securely (also includes downloadable source code to build your own Docker container to test yourself!).
Kubernetes (k8s) explained, hands-on demos and recommendations to ensure it is implemented securely.
Terraform explained, hands-on demos and recommendations to ensure it is implemented securely.
Jenkins explained, hands-on demos and recommendations to ensure it is implemented and running securely.
Also included to help with your learning of the course:
Downloadable source code so you can follow along with the hands-on demos locally e.g. custom source code/containers provided which also enables you to run DevSecOps tools against.
Links to all of the mentioned tools, projects and organisations so you can easily investigate and download any tools to your local environment.
Multi choice end of module quizzes to help reinforce learning.
At the end of the course you will:
Have a fundamental understanding of DevSecOps including common web application security issues (such as those in the OWASP Top 10), Linux security, how to use and implement DevSecOps tooling, and what key projects and organisations to reference so that you can understand and prioritise the most important issues found from your DevSecOps CI/CD pipelines.
Who this course is for:
- Aspiring DevSecOps and cyber security professionals.
- Developers looking to secure their SDLC or learn more about security and DevSecOps.
- IT professionals looking to learn more about security and DevSecOps.
British certified information security professional with over 15 years experience in the industry. Holder of multiple security related certifications such as OSCP, CISSP, CEH, Security+, multiple CREST, multiple cloud specific certifications and a first class bachelor's degree in the field of information security. He currently works as a principal security engineer for a large US software company working with DevSecOps on a daily basis.
Looking forward to helping you achieve your goals!