DevSecOps - Build and Release Secure Software Faster

OverviewStepsAuthor
DifficultyBeginner
AVG Duration16h
Students58
Content
Course Created with Sketch. 8 Resources Created with Sketch. 3 Exams Created with Sketch. 1 Labs Created with Sketch. 12

Description

In todays climate of data breaches and hacks - security has never been more paramount, more so if you're building and deploying at high velocity your own enterprise applications online. Enter DevSecOps!

DevSecOps promotes security across every part of the DevOps software lifecycle. Starting with development and extending all the way through into operations, security becomes everyones responsibility, all of the time.

undefined

This Learning Path is your one-stop guide to mastering DevSecOps. When it comes to managing, maintaining, and automating security, you'll want access to the right security tools for the right jobs, those that ultimately ensure your enterprise applications remain secure. 

Learning Objectives

  • Deepen your knowledge of the DevSecOps workflow and mantra
  • Know which security tool to use and when to use it

Intended Audience

  • Anyone interested in learning about DevSecOps
  • Software Engineers and Developers
  • Operations and SREs

Prerequisites

  • Basic understanding of DevOps
  • Basic understanding of software development
  • Basic understanding of the software development life cycle 

Content Outline

This Learning Path provides 16+ hours of instructional content delivered using both instructional video lectures and hands-on lab exercises.

Certificate

Your certificate for this learning path
lock

Learning Path Steps

1courses

This course introduces you to the DevOps Playbook Part 1.

2courses

This course introduces you to the DevOps Playbook Part 2.

3description

This glossary provides an extensive list of terms related to the subject of DevOps.

4courses

This course will introduce some of the core themes of cyber security, followed by two software simulations.

5labs

In this lab, you will launch a Jenkins and SonarQube CICD environment using Docker containers on a provided EC2 instance.

6labs

Integrate static code analysis within a three-stage AWS CodePipeline CI/CD pipeline to prevent vulnerabilities from making it into production in this Lab.

7labs

Explore the benefits of static code analysis for infrastructure as code, specifically Terraform, and be alerted when the analysis detects an issue in this Lab.

8labs

Learn how to use Gauntlt for security testing and protect your code against attacks with Guantlt by embedding it into a continuous integration pipeline.

9courses

In this course, you'll learn about Terraform's core concepts including HashiCorp Configuration Language, providers, resources, and state.

10courses

This course explores the Go-written tool “Terraformer” — a CLI level tool that allows you to easily Terraform already existing resources in your environment.

11labs

Develop a test to validate a Terraform module using Terratest, a popular Golang library for testing Terraform code.

12courses

This Administering Kubernetes Clusters course covers the many networking and scheduling objectives of the Certified Kubernetes Administrator (CKA) exam curriculum.

13courses

This course covers many of the configuration, multi-container pods, and services & networking objectives of the Certified Kubernetes Application Developer (CKAD) exam curriculum.

14labs

This lab is designed to show you how to install and setup Kubernetes layer-7 Network Policies using Cilium.

15labs

Istio's traffic routing rules let you easily control the flow of traffic and API calls to and from deployed cluster resources. Learn how to use Istio to perform traffic routing to a pair of sample web applications, V1 and V2, deployed within a Kubernetes cl...

16labs

In this hands-on lab, you'll learn how to set up an effective monitoring solution using the Kubernetes Dashboard, Prometheus, and Grafana.

18description

An introduction to the Open Web Application Security Project (OWASP) list of the top 10 most critical risks to web applications

19labs

This lab shows how to manage the security level of a DVWA application and how to perform a SQL injection to a DVWA application.

20labs

In this lab, you'll learn how to navigate through DVWA to perform an XSS attack to retrieve a session cookie.

21labs

In this lab, you'll perform the Heartbleed attack using the MetaSploit Framework in order to dump the contents of a vulnerable webserver using an unpatched version of OpenSSL.

22courses

This course will enable you to recognize, explain, and implement the services and functions provided by the HashiCorp Vault service.

23labs

Learn how to configure Vault to use your organization's LDAP identities and groups for authentication without duplicating usernames, passwords, or memberships.

24exam-filled

Final Exam - DevSecOps

About the Author
Students45718
Labs37
Courses94
Learning paths36

Jeremy is the DevOps Content Lead at Cloud Academy where he specializes in developing technical training documentation for DevOps.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 20+ years. In recent times, Jeremy has been focused on DevOps, Cloud, Security, and Machine Learning.

Jeremy holds professional certifications for both the AWS and GCP cloud platforms.