Introduction to DevSecOps - Web Age Solutions

02/07/2022 - 02/07/2022

10:00 AM - 06:00 PM

Online Virtual Class

USD $770.00

Enroll

02/22/2022 - 02/22/2022

10:00 AM - 06:00 PM

Online Virtual Class

USD $770.00

Enroll

03/07/2022 - 03/07/2022

10:00 AM - 06:00 PM

Online Virtual Class

USD $770.00

Enroll

Duration

One Day

Outline for Introduction to DevSecOps

Chapter 1. What is DevSecOps

• What is DevSecOps?

• DevSecOps as part of DevOps

• Static Code Analysis

• Dynamic Code Analysis

• Secure Code Review

• Defect Classifications

• OWASP open web application security project

• CWE common weakness enumeration

Chapter 2. DevOps and CI/CD Refresher

• DevOps Basics

• Principles of DevOps

• DevOps Benefits

• Continuous Integration

• Continuous Deployment

• Continuous Delivery

• Typical CI/CD pipeline

• Deployment strategies

Chapter 3. Tooling

• Git

• Docker

• Jenkins

• Travis

• OWASP ZAP/

• Ansible

• Inspec

Chapter 4. Secure SDLC

• What is Secure SDLC

• Secure SDLC Activities and Security Gates

• Requirements, Design, Implementation and Testing

• Deployment and Maintenance

• Embedding Security as part of CI/CD pipeline

• DevSecOps and challenges with Pentesting and Vulnerability Assessment.

Chapter 5. DevSecOps Maturity Model (DSOMM)

• Maturity levels and tasks involved

• 4-axes in DSOMM

• Going from Maturity Level 1 to Maturity Level 4

• Maturity level specific practices and challenges

Chapter 6. Software Component Analysis (SCA)

• What is Software Component Analysis.

• SCA Solutions

• Embedding SCA tools into the pipeline

Chapter 7. SAST (Static Analysis Security Testing)

• What is Static Application Security Testing.

• Embedding SAST tools in the pipeline.

• Preventing secrets exposure in the code.

Chapter 8. DAST (Dynamic Analysis Security Testing)

• What is Dynamic Application Security Testing?

• Session management & AJAX Crawling

• DAST tools

• SSL misconfiguration testing

• Creating baseline scans for DAST.

• Scan frequencies

Chapter 9. Infrastructure as Code (IaaC)

• What is Infrastructure as Code?

• Benefits of Infrastructure as Code

• Building Blocks

• Configuration Management Systems

• Ansible

• Modules, tasks, roles and Playbooks

Chapter 10. Compliance as code

• Handling Compliance Requirements

• Using configuration management to achieve compliance.

• Inspec / OpenScap

Chapter 11. Vulnerability Management

• Managing vulnerabilities in the organization.

• Defect Dojo