Securing Your DevOps Pipelines (Video Training)

Description

4+ Hours of Video Instruction

Security is the top concern of businesses today. Milecia McGregor shows developers how to mitigate security risks by implementing DevSecOps best practices.

Description

Every organization with a DevOps framework should be looking to shift toward a DevSecOps mindset, bringing individuals of all abilities and across all technology disciplines to a higher level of proficiency in security. From testing for potential security exploits to building business-driven security services, a DevSecOps framework that uses DevSecOps tools ensures security is built into applications rather than being bolted on haphazardly afterwards.

In Securing Your DevOps Pipelines: DevSecOps Best Practices, Milecia covers how DevSecOps improves upon regular DevOps pipelines. She covers the tools and methodologies you can use to bring DevSecOps to your organization. By the end of the course, you will know how to build a DevSecOps pipeline and how to integrate different tools to handle the OWASP Top Ten, as well as compliance checks to stay up to date with regulations like HIPAA, PCI, and GDPR.

About the Instructor

Milecia McGregor is a software generalist who has worked in numerous areas of tech. She has a master's degree in mechanical and aerospace engineering and has done machine learning work for humancomputer interfaces on autonomous vehicles. She has done work on the front-end and back-end, data science, robotics, DevOps, cybersecurity, blockchain, VR, and other areas. Milecia has worked on projects like the Mozilla VPN and apps that work with brain signals. She is also an international speaker in the tech community with talks covering a variety of topics across multiple programming languages.

Skill Level

• Beginner to Intermediate

What You Will Learn

Developers and engineers will learn to

• Build a DevSecOps pipeline in CircleCI with several industry standard tools
• Deploy a TypeScript full-stack app and see how DevSecOps reports security risks
• Learn how to get your organization onboard with a security and DevOps mindset
• Perform simple automated security audits to further check for vulnerabilities

Who Should Take This Course

DevOps professionals and site reliability engineers, software developers, technical project managers, security engineers

Course Requirements

Some experience with DevOps pipelines, some knowledge of the OWASP Top Ten and web application authentication, authorization, and other security principles

Table of Contents

Introduction

Lesson 1: Background on DevOps
Learning objectives
1.1 Understand where DevOps came from
1.2 Learn how DevOps works
1.3 DevOps versus Waterfall

Lesson 2: Security in DevOps or DevSecOps
Learning objectives
2.1 Show where security comes in
2.2 Learn how issues get to production
2.3 Learn the OWASP 10 top security risks
2.4 Understand how attackers gain unauthorized access to apps
2.5 Learn the basics of DevSecOps
2.6 Use DevSecOps to mitigate risks

Lesson 3: DevSecOps Tools
Learning objectives
3.1 Learn about SAST
3.2 Use SAST tools
3.3 Learn about DAST
3.4 Use DAST tools
3.5 Learn about IAST
3.6 Use IAST tools
3.7 Learn about OAST
3.8 Use OAST tools

Lesson 4: Setting up a DevSecOps Pipeline
Learning objectives
4.1 Set up the project
4.2 Set up CircleCI
4.3 Write the CircleCI config
4.4 Break down the pipeline steps
4.5 Add security to each step

Lesson 5: Final Security Checks
Learning objectives
5.1 Learn how pen-testing works
5.2 Use Kali Linux tools
5.3 Use bug bounties
5.4 Perform compliance audits

Summary

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at informit.com/video.

Video Lessons are available for download for offline viewing within the streaming format. Look for the green arrow in each lesson.

Sample Content

Table of Contents

Introduction

Lesson 1: Background on DevOps
Learning objectives
1.1 Understand where DevOps came from
1.2 Learn how DevOps works
1.3 DevOps versus Waterfall

Lesson 2: Security in DevOps or DevSecOps
Learning objectives
2.1 Show where security comes in
2.2 Learn how issues get to production
2.3 Learn the OWASP 10 top security risks
2.4 Understand how attackers gain unauthorized access to apps
2.5 Learn the basics of DevSecOps
2.6 Use DevSecOps to mitigate risks

Lesson 3: DevSecOps Tools
Learning objectives
3.1 Learn about SAST
3.2 Use SAST tools
3.3 Learn about DAST
3.4 Use DAST tools
3.5 Learn about IAST
3.6 Use IAST tools
3.7 Learn about OAST
3.8 Use OAST tools

Lesson 4: Setting up a DevSecOps Pipeline
Learning objectives
4.1 Set up the project
4.2 Set up CircleCI
4.3 Write the CircleCI config
4.4 Break down the pipeline steps
4.5 Add security to each step

Lesson 5: Final Security Checks
Learning objectives
5.1 Learn how pen-testing works
5.2 Use Kali Linux tools
5.3 Use bug bounties
5.4 Perform compliance audits

Summary

Updates

Submit Errata