No one needs to tell you the damage a security breach can cause to your business. The way to shield your business from the financial losses, damaged customer trust and devastation to your reputation caused by a security breach is to protect your code, your infrastructure and your networks before attackers can infiltrate your systems, and then to detect if this infiltration has happened (despite your best efforts) before it affects your customers.
DevSecOps is the art and science of moving your attention earlier in the application-building process (Shift Left) to catch known vulnerabilities before they can disrupt your business or your development process. This will lower development costs and reduce application delivery time to your stakeholders – meaning you’ll consistently achieve a faster and safer time to market.
A DevOps pipeline automates code testing for correct functionality before deploying that code to environments such as Testing, Staging or Production. A DevOps pipeline is a must for application deployment. DevSecOps takes that further by implementing Security Scans throughout the entire DevOps Pipeline, hence the name DevSecOps pipeline.
This course teaches exactly how to implement a DevSecOps pipeline, catching known vulnerabilities both during code development and deployment (SAST), as well as while the application is actively running (DAST). Students will learn how to use the industry-accepted tools and processes (at a hands-on technical level) that are required to create and use an end-to-end CI/CD pipeline that ensures only linted, tested, validated, vulnerability-free and approved code (including relied-upon libraries) gets deployed into Production, automatically.
Choose the exact tool chain you want below and generate a course outline, or choose the ‘generic’ options for a tool-neutral outline:
Deploying Hardened Infrastructure at Scale
Cloud Networking. You will learn a solid introduction to Cloud networking on AWS, GCE or Azure Cloud so you can confidently know your IGW from your RTA without embarrassing your VPC, as well as how to use the cloud CLI tools
Infrastructure Deployment. You will learn how to use ‘infrastructure as code’ tools like HashiCorp’s Terraform to describe and deploy VM’s in the cloud of your choice. We’ll use infrastructure as code to create and destroy secure networking components automatically, as well as how to launch VM’s within those networking components
Containerization. We’ll teach you how to create Docker containers to deploy your applications.
Container Orchestration. Once you have containers running, either Kubernetes or OpenShift can be used to manage containers, automatically replace damaged containers and scale containers to meet customer demand on your applications.