The practical DevSecOps course is designed to help individuals and organisations in implementing DevSecOps practices, to achieve massive scale in security. This course is divided into 13 chapters, each chapter will have theory, followed by demos and any limitations we need to keep in my mind while implementing them.
More details here - https://www.practical-devsecops.com/
2. 2
Mohammed A. Imran
Senior Security Engineer
# whoami
• Author, Speaker and Community Leader.
• Practicing DevSecOps from past 3 years.
• Organised around 100 monthly security
meetings and about 50 workshops.
• Maintainer of DevSecOps Studio and Awesome
Fuzzing Projects.
• SCJP, OSCP, OSCE
• Reachable on social media platforms @secfigo
3. 3
Introduction to DevSecOps
Secure SDLC and CI/CD
Tools of the Trade
Embed Tools in CI/CD
Practical DevSecOpsCOURSE COST
$ FREE
teachera.io/devsecops-course/
In this course, we will
learn how to take your
organization from
conventional shop to a
DevSecOps shop in easy
to follow steps.
Welcome to the world's most comprehensive DevSecOps course. By
the end of this course, you will be able to embed security as part of
DevOps or in CI/CD pipelines with confidence.
We will start off with the basics of the DevOps, DevSecOps and move
towards advanced concepts such as secrets management,
configuration management, Infrastructure as code, compliance as
code etc.,
Questions? Ask on Slack - https://teacheraio.herokuapp.com/
Manage secrets in the cloud
CM with Ansible
System hardening
Compliance as Code
6. In this section, we will cover the introduction to DevSecOps, advantages and Core
principles.
Introduction to DevSecOps
1
7. 7
DevOps is a software engineering practice that
aims at unifying software development (Dev) and
software operation (Ops). - wikipedia
DevOps is a set of practices intended to reduce the
time between committing a change to a system and
the change being placed into normal production,
while ensuring high quality - Bass, Weber, and Zhu
By definition, security is part of DevOps.
DevSecOps Development
(Software Engineering)
Security
(Quality Assurance)
Operations
DevSecOps
8. 8
Flexibility
With ever changing technology,
businesses have to be flexible and
fast to deliver value to their
customers otherwise they risk losing
the business.
Reliability
Customers need more
reliable & available systems.
DevOps reduces failure
rates.
Resilience
DevOps helps organisations in
designing and implementing resilient
systems.
Automation
Automation helps to reduce
complexity of modern systems and
can scale as per needs
Speed
Speed is competitive
advantage and DevOps
helps to go to market faster.
Development
(Software Engineering)
Security
(Quality Assurance)
Operations
DevSecOps
9. 9
Culture
DevOps is about breaking down
barriers between teams; without
culture other practices fail
C A
M S
Measurement
Measuring activities in CI/CD helps
in informed decision making among
teams
Automation
Often mistaken as DevOps itself but
a very important aspect of the
initiative.
Sharing
Sharing tools, best practices etc.,
among the teams/organization
improves confidence for collaboration.
How to DevSecOps ?
Core Values of DevOps
10. 10
Traditional SDLC
Requirements
Gather Requirements
from the client/customer
Implementation
Implement the design
agreed upon
Maintain
Maintenance of the
software
Deploy
Deploy the software to
the production
Design
Design the software according to
the requirements
12. 12
Enter the
change
Agile
Everything changed after agile,
much shorter development cycles
and faster deploys to production.
Speed with which changes are
beyond security’s (operations) 🚨
reach.
Then Agile
Happened
13. D
13
Plan & Create
Plan and implement the
code using source code
management (SCM)
A
Monitor
Create
Verify
Package
Release
Configure
DevOps
Verify
Test and verify the code
does, what business
wants.
B
Package
Package the code in a
deployable artifact & test
it in staging environment
C
Release
Release the artefact as
production ready after
change/release approvals
Configure
Configure the application/
stack using configuration
management
E
Monitor
Monitor the application
for its performance,
security and compliance
F
DevOps Cycle
16. We will setup DevSecOps environment using DevSecOps Studio
Setting up DevSecOps Environment
2
17. 17
DevSecOps Studio is a virtual environment to learn
and teach DevSecOps concepts. Its easy to get
started and is mostly automatic.
It takes lots of efforts to setup a DevSecOps
environment for training/demos and more often,
its error prone when done manually.
DevSecOps
Studio
https://github.com/teacheraio/DevSecOps-Studio/
18. 18
Lets up Git Server and DevSecOps box
Install Vagrant, Virtualbox, Ansible and Follow the below steps.
# Download the code
$ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio
# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles
# Setup the environment, takes an hour or less based on your internet speed.
$ vagrant up
19. 19
Contact Us
USA | Singapore | India
https://www.teachera.io
info@teachera.io
@teacheraio
ſ https://teacheraio.herokuapp.com/