
Practical DevSecOps Course - Part 1

1,960 views


The Practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices to achieve massive scale in security. The course is divided into 13 chapters; each chapter has theory, followed by demos and any limitations we need to keep in mind while implementing them.

More details here - https://www.practical-devsecops.com/

Published in: Technology

Practical DevSecOps Course - Part 1

  1. Practical DevSecOps: The most comprehensive DevSecOps Course. @teacheraio | www.teachera.io | info@teachera.io
  2. # whoami: Mohammed A. Imran, Senior Security Engineer
     • Author, Speaker and Community Leader.
     • Practicing DevSecOps for the past 3 years.
     • Organised around 100 monthly security meetings and about 50 workshops.
     • Maintainer of DevSecOps Studio and Awesome Fuzzing Projects.
     • SCJP, OSCP, OSCE
     • Reachable on social media platforms @secfigo
  3. Practical DevSecOps. Course cost: FREE. teachera.io/devsecops-course/
     In this course, we will learn how to take your organization from a conventional shop to a DevSecOps shop in easy-to-follow steps. Welcome to the world's most comprehensive DevSecOps course. By the end of this course, you will be able to embed security as part of DevOps or in CI/CD pipelines with confidence. We will start off with the basics of DevOps and DevSecOps and move towards advanced concepts such as secrets management, configuration management, infrastructure as code, compliance as code etc.
     Topics: Introduction to DevSecOps; Secure SDLC and CI/CD; Tools of the Trade; Embed Tools in CI/CD; Manage secrets in the cloud; CM with Ansible; System hardening; Compliance as Code.
     Questions? Ask on Slack - https://teacheraio.herokuapp.com/
  4. OWASP AppSec Pipeline
  5. Tools of the Trade
  6. Section 1: Introduction to DevSecOps. In this section, we will cover the introduction to DevSecOps, advantages and core principles.
  7. DevSecOps
     "DevOps is a software engineering practice that aims at unifying software development (Dev) and software operation (Ops)." - wikipedia
     "DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality" - Bass, Weber, and Zhu
     By definition, security is part of DevOps.
     Diagram: Development (Software Engineering), Security (Quality Assurance), Operations: DevSecOps
  8. DevSecOps
     • Flexibility: With ever changing technology, businesses have to be flexible and fast to deliver value to their customers, otherwise they risk losing the business.
     • Reliability: Customers need more reliable & available systems. DevOps reduces failure rates.
     • Resilience: DevOps helps organisations in designing and implementing resilient systems.
     • Automation: Automation helps to reduce complexity of modern systems and can scale as per needs.
     • Speed: Speed is competitive advantage and DevOps helps to go to market faster.
     Diagram: Development (Software Engineering), Security (Quality Assurance), Operations: DevSecOps
  9. How to DevSecOps? Core Values of DevOps (CAMS)
     • Culture: DevOps is about breaking down barriers between teams; without culture other practices fail.
     • Automation: Often mistaken as DevOps itself but a very important aspect of the initiative.
     • Measurement: Measuring activities in CI/CD helps in informed decision making among teams.
     • Sharing: Sharing tools, best practices etc. among the teams/organization improves confidence for collaboration.
  10. Traditional SDLC
     • Requirements: Gather requirements from the client/customer.
     • Implementation: Implement the design agreed upon.
     • Maintain: Maintenance of the software.
     • Deploy: Deploy the software to the production.
     • Design: Design the software according to the requirements.
  11. Traditional Secure SDLC
  12. Then Agile Happened
     Enter the change: Agile. Everything changed after agile: much shorter development cycles and faster deploys to production. The speed of change is beyond security's (operations) reach.
  13. DevOps Cycle (Create, Verify, Package, Release, Configure, Monitor)
     A. Plan & Create: Plan and implement the code using source code management (SCM).
     B. Verify: Test and verify the code does what the business wants.
     C. Package: Package the code in a deployable artifact & test it in staging environment.
     D. Release: Release the artefact as production ready after change/release approvals.
     E. Configure: Configure the application/stack using configuration management.
     F. Monitor: Monitor the application for its performance, security and compliance.
  14. OWASP AppSec Pipeline
  15. DevSecOps Pipeline
  16. Section 2: Setting up DevSecOps Environment. We will setup DevSecOps environment using DevSecOps Studio.
  17. DevSecOps Studio
     DevSecOps Studio is a virtual environment to learn and teach DevSecOps concepts. It's easy to get started and is mostly automatic. It takes a lot of effort to set up a DevSecOps environment for training/demos and, more often than not, it's error-prone when done manually.
     https://github.com/teacheraio/DevSecOps-Studio/
  18. Let's set up the Git Server and DevSecOps box
     Install Vagrant, VirtualBox and Ansible, then follow the steps below.

         # Download the code
         git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio

         # Download the ansible dependency roles
         ansible-galaxy install -r requirements.yml -p provisioning/roles

         # Setup the environment, takes an hour or less based on your internet speed.
         vagrant up

  19. Contact Us: USA | Singapore | India. https://www.teachera.io | info@teachera.io | @teacheraio | https://teacheraio.herokuapp.com/
