DevSecOps training icon

DevSecOps training

1 day DevSecOps training class

Brand new for 2020, this 1-day intermediate course to automate security into a fast-paced DevOps environment using various open-source tools and scripts.

The course is available directly from Claranet Cyber Security or you can book through one of our partners. The course is now available as live, online training and can be delivered for you individually or for your company. Contact us below with your requirements.

Attendees will be able to:

  • Create a security culture/mindset amongst the already integrated “DevOps” team.
  • Find and fix low hanging fruits like SQL Injection, XSS and insecure libraries and dependencies as early in SDLC as possible by injecting security in CI/CD
  • Build a system with continuous security monitoring

Delegates receive:

  • The delegates will receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline
  • Overview
  • Details
  • Pre-requisites & Audience
  • Brochure Download

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code(IaC) .DevSecOps extends DevOps by introducing security in each of these practices giving a certain level of security assurance in the final product. In this course, we will demonstrate using our state-of-the-art DevSecOps Lab as to how to inject security in CI, CD, CM and IaC.

As part of this course delegates will receive the DevSecOps Lab built using Vagrant and Ansible comprising of various open-source tools and scripts to help the DevOps engineers in automating security within their CI/CD pipeline. While the workshop uses Java/J2EE technology stack, the workshop is language agnostic and similar tools can be used against other application development frameworks.

A Short preview of our course is available for viewing here https://www.youtube.com/watch?v=_iGCZ4NPDqY

Introduction to DevOps

  • Introduction and Lab Setup
  • Challenges with Traditional IT
  • What is DevOps?

Introduction to DevSecOps

  • Challenges for Security in DevOps
  • DevSecOps – Why, What and How?
  • Vulnerability Management

Continuous Integration

  • Pre-Commit Hooks
  • Secrets Management

Continuous Delivery

  • Software Composition Analysis (SCA)
  • Static Analysis Security Testing (SAST)
  • Dynamic Analysis Security Testing (DAST)

Infrastructure as Code

  • Vulnerability Assessment (VA)
  • Container Security (CS)
  • Compliance as Code (CaC)

Continuous MNonitoring

  • Alerting and Monitoring
  • Introduction to F-ELK

DevSecOps in AWS

  • DevOps on Cloud Native AWS
  • AWS Threat Landscape
  • DevSecOps in Cloud Native AWS

DevSecOps Challenges and Enablers

  • Challenges with DevSecOps
  • Building DevSecOps Culture
  • Security Champions

Who should attend

DevOps engineers, security and solutions architects, system administrators will also strongly benefit from this course as it’ll give them a holistic approach towards application security

Pre-requisites

Anybody with a background in IT or related to software development whether a developer or a manager can attend this course to get an insight about DevOps and DevSecOps.

Delegates should bring a laptop with minimum 12 GB RAM and 40 GB of extra space and have administrator privileges

Download

Download brochure

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Enquire about your training

We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

The course can also be booked directly through our accredited training partners.

Our accreditations

Crest
Check
Cyber essentials
ISO 27001
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation
OSCP Accreditation