DevSecOps, which is short for development, security and operations, is an application development practice that automates the integration of security and security practices at every phase of the software development lifecycle, from initial design through integration, testing, delivery and deployment.

Fundamentals

  • DevSecOps Principles:
    • Introduction to DevSecOps
    • Core principles and practices
    • Shift-Left security
  • Version Control with Git:
    • Basic Git commands
    • Branching and merging strategies
    • Git workflows (GitFlow, Forking)

Infrastructure as Code (IaC)

  • Introduction to IaC:
    • Benefits of IaC
    • Best practices for IaC
  • Ansible:
    • Configuration management with Ansible
    • Playbooks and modules
    • Ansible roles
  • Terraform:
    • Infrastructure provisioning with Terraform
    • Terraform modules
    • State files and remote state

CI/CD Pipelines

  • CI/CD Tools:
    • GitLab CI/CD
    • Jenkins (brief overview)
    • GitHub Actions (brief overview)
  • Pipeline Design and Implementation:
    • Creating CI/CD pipelines
    • Pipeline stages and jobs
    • Triggering pipelines
  • Security in CI/CD:
    • Secure coding practices
    • Static Application Security Testing (SAST) with SonarQube
    • Software Composition Analysis (SCA) with Trivy
    • Secret management

Containerization and Orchestration

  • Docker:
    • Docker basics
    • Docker images and containers
    • Dockerfile best practices
  • Kubernetes:
    • Kubernetes architecture
    • Deploying applications on Kubernetes
    • Kubernetes security best practices (CIS Kubernetes Benchmark)
  • Container Security:
    • Image scanning with Trivy
    • Network policies
    • Secrets management

Observability and Monitoring

  • Logging:
    • Centralized logging with tools like ELK Stack or Splunk
    • Log aggregation and analysis
  • Monitoring:
    • Infrastructure monitoring with tools like Prometheus and Grafana
    • Application performance monitoring (APM)
  • Alerting:
    • Setting up alerts for critical events
    • Alerting with tools like PagerDuty or OpsGenie

Additional Topics

  • Security Testing:
    • Dynamic Application Security Testing (DAST) with OWASP ZAP
    • Penetration testing
    • Security scanning tools

Register

Click here to register