DevSecOps

Ever wondered how to handle a deluge of security issues and reduce the cost of fixing them before software goes to production? How unicorns like Google, Facebook, Amazon and Etsy handle security at scale? In the Practical DevSecOps training, you will learn how to handle security at scale using DevSecOps practices. We will start off with the basics of DevOps and DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration Management, Infrastructure as Code, etc.

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learned as part of the course.

We will also cover how to use static analysis (SAST), dynamic analysis (DAST), OS hardening and security monitoring as part of the Secure SDLC, and how to select tools that fit your organization's needs and culture.

After the training, the students will be able to successfully hack and secure applications before hackers do. The training will also include a CTF challenge at the end, where the attendees will use the skills learned in the training to solve the CTF challenges. The students will be provided with the slides, tools and virtual machines used during the course.

Syllabus

This course will cover the following DevSecOps topics and techniques:

1. Introduction to DevOps and DevSecOps

2. DevSecOps Tools of the trade including DevSecOps Studio

3. Secure SDLC and CI/CD pipeline

4. Amazon Web Services and its various security features

5. Container (Docker) Security

6. Configuration/Secret Management and its Security

7. SAST (Static Analysis) in CI/CD pipeline

8. DAST (Dynamic Analysis) in CI/CD pipeline

9. Runtime Analysis (RASP, IAST) and how to select tools

10. Infrastructure as Code and its Security

11. Vulnerability Management with custom tools

12. Patch Management and Security Monitoring

13. Automate compliance activities to achieve PCI/DSS/HIPAA compliance

Who should take this course?

This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments, like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.

Requirements

1. The student should have some knowledge of running basic Linux commands like ls, cd, mkdir, etc.

2. The student should have a basic understanding of application security practices such as the OWASP Top 10, though this is not a necessity.

What Students Should Bring

1. A laptop with a minimum of 8GB of RAM and 60GB of free hard disk space, able to run 3 virtual machines simultaneously.

2. Administrator access to install software like VirtualBox, Python, etc.

3. The trainer will provide all needed software and utilities during the first day of the course.

What Students Will Be Provided With

1. Tools used during the course

2. DevSecOps Studio virtual machine setup

3. Lab Manual