07/11/2022 - 07/11/2022
10:00 AM - 06:00 PM
Online Virtual Class
USD $770.00
08/22/2022 - 08/22/2022
10:00 AM - 06:00 PM
Online Virtual Class
USD $770.00
09/26/2022 - 09/26/2022
10:00 AM - 06:00 PM
Online Virtual Class
USD $770.00

Duration

One Day

Outline for Introduction to DevSecOps Training

Chapter 1. What is DevSecOps 

What is DevSecOps?

DevSecOps as part of DevOps

Static Code Analysis

Dynamic Code Analysis

Secure Code Review

Defect Classifications

OWASP (Open Web Application Security Project)

CWE (Common Weakness Enumeration)

Chapter 2. DevOps and CI/CD Refresher

DevOps Basics

Principles of DevOps

DevOps Benefits

Continuous Integration

Continuous Deployment

Continuous Delivery

Typical CI/CD pipeline

Deployment strategies

Chapter 3. Tooling

Git 

Docker

Jenkins

Travis

OWASP ZAP

Ansible

InSpec

Chapter 4. Secure SDLC 

What is Secure SDLC?

Secure SDLC Activities and Security Gates

Requirements, Design, Implementation and Testing

Deployment and Maintenance

Embedding Security as part of CI/CD pipeline

DevSecOps and challenges with Pentesting and Vulnerability Assessment

Chapter 5. DevSecOps Maturity Model (DSOMM)

Maturity levels and tasks involved

4 axes in DSOMM

Going from Maturity Level 1 to Maturity Level 4

Maturity level specific practices and challenges

Chapter 6. Software Component Analysis (SCA) 

What is Software Component Analysis?

SCA Solutions

Embedding SCA tools into the pipeline

Chapter 7. SAST (Static Analysis Security Testing)

What is Static Application Security Testing?

Embedding SAST tools in the pipeline.

Preventing secrets exposure in the code.

Chapter 8. DAST (Dynamic Analysis Security Testing) 

What is Dynamic Application Security Testing?

Session management & AJAX Crawling

DAST tools 

SSL misconfiguration testing

Creating baseline scans for DAST.

Scan frequencies

Chapter 9. Infrastructure as Code (IaaC)

What is Infrastructure as Code? 

Benefits of Infrastructure as Code

Building Blocks

Configuration Management Systems

Ansible

Modules, tasks, roles and Playbooks

Chapter 10. Compliance as code

Handling Compliance Requirements

Using configuration management to achieve compliance.

InSpec / OpenSCAP

Chapter 11. Vulnerability Management

Managing vulnerabilities in the organization.

Defect Dojo