Course Outline
Day One:
Introduction
DevSecOps at a Glance
- CI (Continuous Integration) and CD (Continuous Delivery)
- Shifting security to the left, the DevOps way
DevSecOps Method Theories
- Security for DevOps technologies
- When and how security interacts with the application and the development lifecycle
- Shared ownership of security responsibilities and activities
Day Two:
DevSecOps with Jenkins
- Creating an agent
- Creating a pipeline job
- Using SYNK and SonarQube for SAST security scanning
- Using Arachini and OWASP-ZAP for DAST security scanning
- Using Anchore and Aqua MicroScanner for image security scanning
- Developing a DevSecOps pipeline
- Enabling CI and CD
Security Automation
- Automating security testing with Gaunit
- Running an automated attack
Application Security Automation
- Automating and refactoring XSS attack
- Automating SQLi attack
- Automating a fuzzer
- Testing security in software delivery pipelines
Summary and Conclusion
Requirements
- An understanding of the DevOps process
Audience
- DevOps
Testimonials (5)
working with DevOps Toolchain
Kesh - Vodacom
Course - DevOps Foundation®
Being introduced to some technologies I wish I knew earlier.
Michel - Vanier College
Course - DevOps Practical Implementation and Tools
I like the interactive approach taken by the trainer.
Patrik - Deutsche Telekom IT & Telecommunications Slovakia s.r.o
Course - Site Reliability Engineering (SRE) Foundation®
I like all the possibilities that I discovered in the course about DevOps options that I can apply in order to have a better CD/CI workflow!
Juan Manuel - si
Course - Jenkins: Continuous Integration for Agile Development
Very detailed, trainer knows the subject very well and has covered a lot of topics