DevSecOps Dynamic App Sec Testing (DAST) with Hands-on Demo

Description

This course will cover everything you need to know to get started and be successful in DevSecOps. The course is made up of hands-on demos and walkthroughs, quizzes and presentations. It also includes downloadable source code and links to all of the tools and sites mentioned, so you can use them in your local environment and follow along at your own pace. Key topics covered are:

  • What DevSecOps is and how to get started.
  • Explanations, hands-on demos and walkthroughs of important tools such as SAST, DAST and SCA.
  • Turn a DevOps pipeline into a DevSecOps pipeline (GitLab YAML pipeline examples with YAML provided).
  • Explanation of penetration testing and vulnerability assessments and how they align with DevSecOps.
  • Key security principles explained such as CIA triad, defence in depth and least privilege.
  • Key security organisations such as OWASP, CIS, and CISA.
  • Key security projects such as OWASP Top 10 2021, OWASP ZAP, OWASP ASVS, CVEs, CVSS.
    • As part of this, common web application security issues will also be covered.
  • Linux security fundamentals covering topics such as sudo, SSH, file permissions, updates and more.
  • Docker explained, hands-on demos including how to build your own containers and recommendations to ensure they are running securely (also includes downloadable source code to build your own Docker container to test yourself!).
  • Terraform explained, hands-on demos and recommendations to ensure it is implemented securely.
  • Jenkins explained, hands-on demos and recommendations to ensure it is implemented and running securely.
