DevSecOps 'Hands-on'.

About This Course

Course Code
QADEVSECOPS

Course Type
Performance Plus

Vendor
Cyber

Duration
3 Days

RRP
£1,900.00

Overview

DevSecOps has been described as 'security as code', 'a marriage of DevOps and Security' and 'shifting security to the left'. Traditional security approaches are inefficient and largely ineffective for organisations using Agile, DevOps and Cloud, as illustrated by the massive number of recent data breaches. DevSecOps is a new approach which embeds security into each DevOps team, with automated security testing at all stages of the software development lifecycle. Security infrastructure, policies, controls, compliance, audit and even secure operations are all coded and automated, with almost no manual processes.

This three-day hands-on course begins with an overview of the DevSecOps approach, framework and DevSecOps toolkit, then looks at application security, the elements of a secure software development lifecycle, and the use of automated application security tests as part of the continuous integration / continuous deployment pipeline. Next we move on to cloud security, infrastructure as code, and potential security issues which can arise from the agile DevOps process. We cover the implementation of security controls as code, ranging from security policies, secrets management, encryption, and identity and access management to logging, monitoring and alerting. Containers and serverless architectures are introduced and potential security issues highlighted, with a review of container security technologies. A DevSecOps approach is used to integrate automated security tests and mitigate security risks. Continuous compliance as code is covered, using different approaches and appropriate DevSecOps tools for prevention, detection and remediation, leading to the concept of audit as code.

A new model for Security Operations is presented with security incident identification, management and response as code, making use of big data analysis, artificial intelligence and machine learning, alongside more traditional techniques such as signature detection and threat intelligence feeds. Finally, we look at the people aspect of DevSecOps, moving away from technology and code, to organisational and cultural aspects, skills development, team effectiveness and recruitment approaches.

The course is delivered through presentations, practical demonstrations and labs. You will gain practical hands-on experience of DevSecOps tools, automated security tests and serverless applications. You will implement security improvements to infrastructure as code, and deploy continuous compliance tools to provide ongoing security assurance for a cloud environment.

Due to the interactive nature of the course and labs, it will be delivered on site at Nexus training centres and is not suitable for online learning.

Objectives

Delegates will learn about the following topics:

Course Outline

DAY ONE

Introduction


DevSecOps Approach, Framework and Toolkit


Automated Application Security Testing


Infrastructure as Code and Unit Tests


DAY TWO

Cloud Security


Continuous Compliance


DAY THREE

Containers


Serverless


A DevSecOps model for Security Operations


People aspects of DevSecOps

Prerequisites

This course is primarily aimed at:

There are no particular prerequisites; however, delegates will benefit from any knowledge and experience of DevOps, application and infrastructure security.