SEC534: Secure DevOps: A Practical Introduction explains the fundamentals of DevOps and how DevOps teams can build and deliver secure software. You will learn how DevOps principles, practices, and tools and how they can be leveraged to improve the reliability, integrity, and security of systems.
Using lessons from successful DevOps security programs, this course will explain how Secure DevOps can be implemented. Students will gain hands-on experience using popular open-source tools such as Puppet, Jenkins, GitLab, Vault, Grafana, and Docker to automate Configuration Management (“Infrastructure as Code”), Continuous Integration (CI), Continuous Delivery (CD), containerization, micro-segmentation, automated compliance (“Compliance as Code”), and Continuous Monitoring. The lab environment starts with a CI/CD pipeline that automatically builds, tests, and deploys infrastructure and applications. Leveraging the Secure DevOps toolchain, students perform a series of labs injecting security into the CI/CD pipeline using a variety of security tools, patterns, and techniques.
YOU WILL LEARN:
- Foundations and principles of DevOps, Continuous Delivery, and Continuous Deployment
- The security risks and challenges posed by DevOps
- The keys to successful DevOps security programs
- How to build security into Continuous Delivery and Continuous Deployment
- The tools, patterns, and techniques of security automation in DevOps
- How to secure your build and deployment environment and tool chain
- How to leverage Infrastructure as Code for secure configuration management and provisioning
- How manual security practices (risk assessments, audits, and pen tests) can be adapted to continuously changing environments, and the important role that they still play
- Security risks and challenges posed by containers, and how to secure container technology
- How to automate compliance in DevOps, using the DevOps Audit Defense Toolkit
