Practical DevSecOps Course - Part 1
10 likes3,906 views
This document outlines the comprehensive DevSecOps course offered by Teachera.io, focusing on integrating security into DevOps and CI/CD pipelines. It emphasizes practical steps to transform organizations from traditional methods to a DevSecOps approach, covering essential topics like secrets management and compliance as code. The course is free and designed to equip participants with the skills needed to embed security confidence and efficiently manage software development and operations.
Practical DevSecOps Course - Part 1
- 1. Practical DevSecOps The most comprehensive DevSecOps Course @teacheraioɂ www.teachera.io [email protected]
- 2. 2 Mohammed A. Imran Senior Security Engineer # whoami • Author, Speaker and Community Leader. • Practicing DevSecOps from past 3 years. • Organised around 100 monthly security meetings and about 50 workshops. • Maintainer of DevSecOps Studio and Awesome Fuzzing Projects. • SCJP, OSCP, OSCE • Reachable on social media platforms @secfigo
- 3. 3 Introduction to DevSecOps Secure SDLC and CI/CD Tools of the Trade Embed Tools in CI/CD Practical DevSecOpsCOURSE COST $ FREE teachera.io/devsecops-course/ In this course, we will learn how to take your organization from conventional shop to a DevSecOps shop in easy to follow steps. Welcome to the world's most comprehensive DevSecOps course. By the end of this course, you will be able to embed security as part of DevOps or in CI/CD pipelines with confidence. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as secrets management, configuration management, Infrastructure as code, compliance as code etc., Questions? Ask on Slack - https://teacheraio.herokuapp.com/ Manage secrets in the cloud CM with Ansible System hardening Compliance as Code
- 5. 5 Tools of the Trade
- 6. In this section, we will cover the introduction to DevSecOps, advantages and Core principles. Introduction to DevSecOps 1
- 7. 7 DevOps is a software engineering practice that aims at unifying software development (Dev) and software operation (Ops). - wikipedia DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality - Bass, Weber, and Zhu By definition, security is part of DevOps. DevSecOps Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
- 8. 8 Flexibility With ever changing technology, businesses have to be flexible and fast to deliver value to their customers otherwise they risk losing the business. Reliability Customers need more reliable & available systems. DevOps reduces failure rates. Resilience DevOps helps organisations in designing and implementing resilient systems. Automation Automation helps to reduce complexity of modern systems and can scale as per needs Speed Speed is competitive advantage and DevOps helps to go to market faster. Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
- 9. 9 Culture DevOps is about breaking down barriers between teams; without culture other practices fail C A M S Measurement Measuring activities in CI/CD helps in informed decision making among teams Automation Often mistaken as DevOps itself but a very important aspect of the initiative. Sharing Sharing tools, best practices etc., among the teams/organization improves confidence for collaboration. How to DevSecOps ? Core Values of DevOps
- 10. 10 Traditional SDLC Requirements Gather Requirements from the client/customer Implementation Implement the design agreed upon Maintain Maintenance of the software Deploy Deploy the software to the production Design Design the software according to the requirements
- 12. 12 Enter the change Agile Everything changed after agile, much shorter development cycles and faster deploys to production. Speed with which changes are beyond security’s (operations) 🚨 reach. Then Agile Happened
- 13. D 13 Plan & Create Plan and implement the code using source code management (SCM) A Monitor Create Verify Package Release Configure DevOps Verify Test and verify the code does, what business wants. B Package Package the code in a deployable artifact & test it in staging environment C Release Release the artefact as production ready after change/release approvals Configure Configure the application/ stack using configuration management E Monitor Monitor the application for its performance, security and compliance F DevOps Cycle
- 16. We will setup DevSecOps environment using DevSecOps Studio Setting up DevSecOps Environment 2
- 17. 17 DevSecOps Studio is a virtual environment to learn and teach DevSecOps concepts. Its easy to get started and is mostly automatic. It takes lots of efforts to setup a DevSecOps environment for training/demos and more often, its error prone when done manually. DevSecOps Studio https://github.com/teacheraio/DevSecOps-Studio/
- 18. 18 Lets up Git Server and DevSecOps box Install Vagrant, Virtualbox, Ansible and Follow the below steps. # Download the code $ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio # Download the ansible dependency roles $ ansible-galaxy install -r requirements.yml -p provisioning/roles # Setup the environment, takes an hour or less based on your internet speed. $ vagrant up
- 19. 19 Contact Us USA | Singapore | India https://www.teachera.io [email protected] @teacheraio ſ https://teacheraio.herokuapp.com/