Description
This course will cover everything you need know to get started and be successful in DevSecOps. The course is made up of hands-on demos / walkthroughs, quizzes and presentations. The course also includes downloadable source code and links to all of the tools and sites mentioned so you can use on your local environment and follow along at your own pace. Key topics covered are:
- What DevSecOps is and how to get started.
- Explanations, hands-on demos and walkthroughs of important tools such as SAST, DAST and SCA.
- Turn a DevOps pipeline into a DevSecOps pipeline (GitLab YAML pipelines examples with YAML provided).
- Explanation of penetration testing and vulnerability assessments and how they align with DevSecOps.
- Key security principles explained such as CIA triad, defence in depth and least privilege.
- Linux security fundamentals covering topics such as sudo, SSH, file permissions, updates and more.
- StackHawk Tool DemoDynamic Application Security Testing (DAST) is the process of analyzing a web application through the front-end to find vulnerabilities through simulated attacks. This type of approach evaluates the application from the “outside in” by attacking an application like a malicious user would. After a DAST scanner performs these attacks, it looks for results that are not part of the expected result set and identifies security vulnerabilities.