All Brands   >   Development   >   DevOps   >   DevSecOps 'Hands-on'

CMDBID: 73415 | Course Code: QADEVSECOPS | Duration: 3 Days
Overview >

DevSecOps has been described as 'security as code', 'a marriage of DevOps and Security' and 'Shifting security to the left'. Traditional security approaches are inefficient and largely ineffective for organisations using Agile, DevOps and Cloud - as illustrated by the massive amount of recent data breaches. DevSecOps is a new approach which embeds security to each DevOps team, with automated security testing at all stages of the software development lifecycle. Security infrastructure, policies, controls, compliance, audit and even secure operations are all coded and automated, with almost no manual processes.

This three day hands-on course begins with an overview of the DevSecOps approach, framework and DevSecOps toolkit, then looks at application security, the elements of a secure software development lifecycle, and the use of automated application security tests as part of the continuous integration / continuous deployment pipeline. Next we move on to cloud security, infrastructure as code, and potential security issues which can arise from the agile DevOps process. We cover the implementation of security controls as code, ranging from security policies, secrets management, encryption, identity and access management, to logging, monitoring and alerting. Containers and serverless architectures are introduced and potential security issues highlighted, with a review of container security technologies. A DevSecOps approach is used to integrate automated security tests and mitigate security risks. Continuous compliance as code is covered, using different approaches and appropriate DevSecOps tools for prevention, detection and remediation, leading to the concept of audit as code.

A new model for Security Operations is presented with security incident identification, management and response as code, making use of big data analysis, artificial intelligence and machine learning, alongside more traditional techniques such as signature detection and threat intelligence feeds. Finally, we look at the people aspect of DevSecOps, moving away from technology and code, to organisational and cultural aspects, skills development, team effectiveness and recruitment approaches.

The course is delivered through presentations, practical demonstrations and labs. You will gain practical hands-on experience of DevSecOps tools, automated security tests and serverless applications. You will implement security improvements to infrastructure as code, and deploy continuous compliance tools to provide ongoing security assurance for a cloud environment.

Skills >
Prerequisites >
Outline >

Course Dates

Search by:

Show only GTR courses

Page 1, showing results 1-1 out of 1
Location
Start Date
Price
ONSITE, United States
Onsite
£2040

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes