DevSecOps Bootcamp

Course Description

We write code, we test code (or at least we should) and we deploy code. And throughout this process, hackers are trying to ruin our day by hacking into our infrastructure and our applications and doing mean things like stealing our customers’ data.

This 10-day hands-on intensive bootcamp is an all-in expedition that teaches your team how to store code in Git, how to use a CI/CD devops pipeline, how to create and spin-up infrastructure in the cloud, how to deploy applications in containers and how to orchestrate those containers, all with Security Scanning built in at every step along the way. The end result: only tested, approved, and vulnerability-free infrastucture will run your tested, approved, and vulnerability-free applications.

This class is a seamless combination of our DevSecOps Pipeline and our Deploying Hardened Infrastructure at Scale classes.

No prior DevOps knowledge is required.

Choose the exact tool chain you want below and generate a course outline, or choose the ‘generic’ options for a tool-neutral outline:

Course Agenda 

• Git source and version control management. This course will teach you the fundamentals of using git so you can effectively share, collaborate, backup and version any code.  We’ll scan all code as it is pushed to Git for known vulnerabilities.
  
• SAST (Static Application Security Testing). You will learn about OWASP (Open Web Application Security Project) and the top known vulnerabilities from which you need protect your applications, as well as exactly how to do this. You’ll integrate SAST into your DevOps Pipeline, including how to stop a pipeline build when a vulnerability is discovered, and you’ll learn how to manage false positives. Third-party libraries are code developers get from other places. We’ll scan that code as well.
  
• Configuration management. We’ll teach you how to configure and spin up servers (web, database, load balancer, or any application servers), using a configuration management tool and code stored in git.
  
• Testing and continuous integration /  continuous deployment. Learn to integrate git and configuration management with a CI/CD tool to build, test, and deploy code into test, staging, and production environments, creating an automated end-to-end DevOps pipeline. We’ll use CI/CD to drive Security scanning so every push of code verifies a vulnerability-free application.
  
• DAST (Dynamic Application Security Testing). No matter how hard you work to protect your code, someone could potentially break into your running application in Production. We’ll show you how to continually and dynamically scan running applications to make sure you are safe from the beginning of the code development process to the final customer experience.
  
• Cloud Networking. You will learn a solid introduction to Cloud networking on AWS, GCE or Azure Cloud so you can confidently know your IGW from your RTA without embarrassing your VPC, as well as how to use the cloud CLI tools
  
• Infrastructure Deployment. You will learn how to use ‘infrastructure as code’ tools like HashiCorp’s Terraform to describe and deploy VM’s in the cloud of your choice.   We’ll use infrastructure as code to create and destroy secure networking components automatically, as well as how to launch VM’s within those networking components 
  
• Containerization. We’ll teach you how to create Docker containers to deploy your applications. 
  
• Container Orchestration.  Once you have containers running, either Kubernetes or OpenShift can be used to manage containers, automatically replace damaged containers and scale containers to meet customer demand on your applications.