Instructor-Led Automation Training
Implementing DevSecOps
3 days
This course begins by laying the foundation of DevSecOps, explaining the principles, practices, cultural aspects and tooling landscape. It then goes on to show you how to incorporate various practices into the Continuous Delivery pipeline: perform Software Composition Analysis (SCA) and add it to the Continuous Integration pipeline, perform static code analysis and project gating using SAST tools, implement security best practices while writing Dockerfiles to build images, scan container images for vulnerability, perform Dynamic Application Software Testing (DAST) on a live environment, set up a centralized vulnerability management system to provide visibility and alerting, and build a cloud native DevSecOps pipeline.
Students will learn to:
- Perform SCA
- Use SAST Tools
- Write Dockerfiles
- Perform DAST
- Use IaC to enforce compliance
- Collect Logs
- Analyze events detection & monitoring of security issues
- Learn to address cloud and container-related risks
Course Outline
- Setting Up the Lab Environment
- Building a DevOps Pipeline
- Securing the Supply Chain with SCA
- Static Application Security Testing (SAST)
- Auditing Container Images
- Secure Deployment and Dynamic Application Security Testing (DAST)
- System Security Auditing with IAC
- Securing Kubernetes Deployments
- Secrets Management with Vault
- Runtime Security Monitoring and Remediation