Practical DevOps Security

English | MP4 | AVC 1920×1080 | AAC 48KHz 2ch | 1h 53m | 959 MB

Secure DevOps – The Road to Continuous Security in development lifecycle

DevOps enables rapid application development, while security teams still follow a traditional way of performing security checks. If security (that is, configuration checks, code analysis, vulnerability scanning, and more) is not adequately automated, it leads to increased security violations and hacking/phishing attacks. Integrating security into the DevOps ethos helps fix flaws earlier in the development process. This course shows you how to apply DevOps security best practices at every stage in your DevOps pipeline. You will learn proven approaches to reducing vulnerability and strengthening your defenses against attack. You will understand how to use security as code with the intent of making security and compliance consumable as a service. This course explains how DevOps security practices differ from traditional security approaches and provides techniques to embed governance and cybersecurity functions throughout the DevOps workflow. By the end of the course, you will have learned best practices in DevSecOps, the core concepts of secure DevOps, and how security can be integrated into the development pipeline.

This is a comprehensive course filled with step-by-step instructions, working examples, and practical insight. We take a web application and use OWASP DevSecOps Studio to show how to embed security verification in various stages of the product development pipeline. The entire course is segmented into small parts, which makes for an immersive learning experience. Each section focuses on one area and helps you decide your pace of learning.

What You Will Learn

  • Integrating security into the DevOps culture and organization
  • Integrating Security into Continuous Delivery workflows for continuous security
  • Leverage Infrastructure as Code techniques for secure configuration management and provisioning
  • Eliminate manual security practices such as risk assessments and audits by automating all the verification
  • Build better defense mechanisms through the use of Red and Blue teams
  • Create automatic compliance by using the DevOps Audit Defense Toolkit
  • Build a continuous feedback loop by automating all security checks throughout the Continuous Delivery pipeline

Table of Contents

INTEGRATE SECURITY WITHIN DEVOPS
The Course Overview
Integrate Security for a DevOps World
Risk Management in a Rapidly Changing World
Key Principles and Benefits of Secure DevOps
Business-Driven Security Strategies
OWASP Security Guidelines

APPLYING SHIFT LEFT SECURITY APPROACH
Integrating Security Into CI/CD Pipeline
Automated Security Testing
Tools of the Trade
Red and Blue Teams

SECURING DEVELOPMENT PRACTICES
Security Requirements
Architectural Considerations
Threat Modeling, Data Flow Diagrams, and Attack Surface
Identity and Access Management
Code Inspection
Environment Hardening

SECURITY VERIFICATION IN THE PIPELINE
What Is Static Application Security Testing?
Embed SAST into the CI/CD Pipeline
What Is Dynamic Application Security Testing?
Embed DAST Into the Pipeline
Runtime Application Self-Protection (RASP) versus Interactive Application Security Testing (IAST)
Software Composition Analysis

DEPLOY SECURE SOFTWARE
Infrastructure as Code
Key Management and Identity Management
Chaos Monkey and Fuzz Testing

SECURITY IN SYSTEM MONITORING
Security Monitoring
Governance, Risk, Compliance and Audit
Incident Response and Forensics