The objective of this course is to introduce the attendees of this training to the basic concepts of DevSecOps and to go deeper from a security point of view, topics such as:
▪ The purpose, benefits, concepts and vocabulary of DevSecOps.
▪ DevOps security practices.
▪ Business-driven security strategies.
▪ The use and benefits of red and blue teams.
▪ Integrating security into continuous delivery workflows,
▪ How DevSecOps roles fit into a DevOps culture and organization.
▪ Docker + Kubernetes security.
▪ Jenkins - Orchestrating AST (App Security Testing).
▪ Gitlab - Community vs. Enterprise (Security Features)
▪ SAST (how to integrate static code analysis into the pipeline).
▪ DAST (how to integrate dynamic analysis in the pipeline)
▪ Auditing and control of the entire pipeline.
▪ Agile infrastructure availability (infrastructure as code).
▪ Blue and Green deployment
▪ Integration with network security infrastructure (WAF, etc)