Your (ISC)2 South Florida Chapter is partnering with Network Intelligence, to offer this DevSecOps training:
COURSE OBJECTIVE:
This training focuses on Embedding security into the DevOps processes is referred to as DevSecOps While DevOps addresses the business need of rapidly delivering products and release code in order to satisfy customer demands, it is important that security must work in tandem with Agile and DevOps processes
In traditional development methods, security is kept at the very end of the release process
Hence, security has been viewed as a bottleneck to the rapid development methodologies such as Agile along with the software delivery pipeline
This results in a major contention and distrust between development and security teams unless they work in tandem
Just as DevOps addresses the traditional silos between Development and Operations, DevSecOps seeks to address the silos between Dev, Ops and Security teams Automated application security further facilitates reducing friction and removing bottlenecks in the CI/CD cycle
In this course, we will be learning how DevSecOps is implemented in a company by using various programming languages and open source tools It will be helpful to jumpstart in understanding and exposure to various security automation possibilities which can be integrated in DevOps related to application or infrastructure security
COURSE CONTENT
Day 1:
• Intro DevOps Culture
•DevOps Principles
•Overview of DevOps Tools
•DevOps CI/CD Pipelining
•Security & Compliance Challenges in DevOps
•Cloud Service threats
•Rapid releases
•New Technology (Microservices)
•Security challenges in CI/CD
•Case Study
•Injecting Security into CI/CD
•Hands on Open Source Tools
•Static Analaysis
•Dynamic Analysis
•Security Testing
•Git Attack & Best Pratice
•Jenkins Attack & Best Practice
•Case Study
•Shift Secure Left
•OWASP Proactive Controls
•Using Infrastructure as Code
•The ‘ HoneyMoon ’ Effect
•SDOMM or DSOMM(Maturity Model)
Day 2:
•Microservice Security
•What is Docker?
•Overview of Docker Components
•Security Concerns with Containers
•Attacking Docker Containers Misconfiguration(Hands on)
•Auditing Docker Containers(Hands on)
•Kubernetes Attacking and Defending
Day 3:
•Security Automation
•CaseStudy
•Security Policy
•Framework( BDD,Robot
•Introduction to Ansible
•Hands on Security Automation
•Security Automation Compliance
•Hands on Inspec
•Intro to Cloud DevSecOps
•Serverless Security
Examination: Participants need to pass an on-line examination after the training to be awarded with the DevOPs Security Practitioner certificate
