DevSecOps

 

DevOps is the collaboration of IT operations and software development in the service lifecycle. DevSecOps is the implementation of security practices within the DevOps process. DevSecOps is a practice used for securing and evolving consistently-changing systems at scale.

This instructor-led, live training (online or onsite) is aimed at DevOps engineers who wish to secure the DevOps process with DevSecOps programs.

By the end of this training, participants will be able to:

  • Understand how a DevSecOps program can integrate security into a software development pipeline.
  • Build a secure continuous delivery pipeline.
  • Automate security testing for a software delivery workflow.

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.

 

Duration

  • 14 hours (usually 2 days including breaks)

Requirements

  • An understanding of the DevOps process

Audience

  • DevOps

Course Outline

Day One:

Introduction

DevSecOps at a Glance

  • CI (Continuous Integration) and CD (Continuous Delivery)
  • Shifting security to the left, the DevOps way

DevSecOps Method Theories

  • Security for DevOps technologies
  • When and how security interacts with the application and the development lifecycle
  • Shared ownership of security responsibilities and activities

Day Two:

DevSecOps with Jenkins

  • Creating an agent
  • Creating a pipeline job
  • Using Snyk and SonarQube for SAST security scanning
  • Using Arachni and OWASP ZAP for DAST security scanning
  • Using Anchore and Aqua MicroScanner for image security scanning
  • Developing a DevSecOps pipeline
  • Enabling CI and CD

Security Automation

  • Automating security testing with Gauntlt
  • Running an automated attack

Application Security Automation

  • Automating and refactoring an XSS attack
  • Automating an SQLi attack
  • Automating a fuzzer
  • Testing security in software delivery pipelines

Summary and Conclusion

Conquering The Web

  • Retrieving web pages
  • Parsing HTML and XML
  • Filling web forms automatically
  • Creating web applications in Python