Course Outline

Day One:

Introduction

DevSecOps at a Glance

  • CI (Continuous Integration) and CD (Continuous Delivery)
  • Shifting security to the left, the DevOps way

DevSecOps Method Theories

  • Security for DevOps technologies
  • When and how security interacts with the application and the development lifecycle
  • Shared ownership of security responsibilities and activities

Day Two:

DevSecOps with Jenkins

  • Creating an agent
  • Creating a pipeline job
  • Using SYNK and SonarQube for SAST security scanning
  • Using Arachini and OWASP-ZAP for DAST security scanning
  • Using Anchore and Aqua MicroScanner for image security scanning
  • Developing a DevSecOps pipeline
  • Enabling CI and CD

Security Automation

  • Automating security testing with Gaunit
  • Running an automated attack

Application Security Automation

  • Automating and refactoring XSS attack
  • Automating SQLi attack
  • Automating a fuzzer
  • Testing security in software delivery pipelines

Summary and Conclusion

Requirements

  • An understanding of the DevOps process

Audience

  • DevOps
  14 Hours
 

Number of participants


Starts

Ends


Dates are subject to availability and take place between 09:30 and 16:30.
Open Training Courses require 5+ participants.

Related Courses

Related Categories