DSO101 – DevSecOps Fundamentals

Course Learning Objectives

By the end of this course, you’ll learn about the Agile, Waterfall, and DevOps software development methodologies, how security fits into DevOps, how your organization can prepare for a DevOps culture, how to select DevOps tools, and best practices for implementing DevSecOps in your organization. You’ll also learn about the roles of APIs, containers, automation, and continuous integration and delivery in DevSecOps.

Description

This course introduces the philosophy and best practices behind DevSecOps. It covers how an organization can build a DevSecOps program and application development pipeline that can keep up with the pace of modern development without sacrificing software security.

Audience

Software Developers and Architects
Operations Engineers
System Admins

Time Required

Tailored learning – 60 minutes total (approx.)

Course Outline

1. The Basics of Software Development

  • Software development
  • Waterfall Model
  • Agile
  • Agile manifesto
  • Disadvantages of Waterfall
  • Agile fills the gap

2. DevOps Basics

  • Development scenario
  • Development and Operations frictions
  • Where does DevOps fit?
  • What about Agile and Waterfall?
  • The DevOps culture challenge
  • What are the next steps?

3. DevOps and Security

  • Security scan process
  • Security considerations
  • Speed up development and security
  • Automation
  • Education
  • Tools

4. Shift Left

  • Security and slowdown
  • The traditional approach
  • The modern approach
  • Shift left
  • How do we shift left?
  • Supporting security

5. Before you Start

  • APIs
  • The cloud
  • Finding the right fit
  • Selecting a tool
  • Languages, technologies, and tools
  • Portability
  • Budget
  • Manual testing
  • SAST
  • DAST
  • IAST
  • RASP
  • Return on investment
  • Automated testing with a secure SDLC
  • Remediation time
  • Compatibility with Agile and DevOps
  • Involving and educating
  • Don’t forget about IAST
  • Don’t forget about RASP either

6. Tooling

  • CI/CD
  • Containers and testing
  • Container example
  • Integration and management
  • Secure operations
  • Teams and automation
  • Scanning and encryption
  • Integration and automation
  • Plan and develop tools
  • Build tools
  • Test tools
  • Deploy and operate tools
  • Monitor and scale tools
  • Stack, scale, and secure

7. Implementation

  • Where to start?
  • Assemble your security team
  • Use a standard toolset
  • Build your security process
  • Automate builds
  • Security tests
  • Adapt and evolve