Aspire Journeys
Introduction to DevSecOps
- 12 Courses | 16h 24m 15s
This DevSecOps Learning Journey is designed to give you a solid foundational understanding of integrating security measures into your DevOps practices. The course starts with the basics-why security matters and how it has evolved-to give context for the more complex following topics. You'll then delve into the specifics of shifting from DevOps to DevSecOps, learning the key elements that differentiate the two and understanding why incorporating security is beneficial and essential. As you proceed, the learning journey offers practical insights into the DevSecOps lifecycle, including hands-on examples and familiar tools you're likely to use. You'll learn to perform security code reviews, conduct various security tests, and manage vulnerabilities effectively. The course also extends your learning to different environments where DevSecOps can be applied. Whether you're working in a traditional on-premise setup or leveraging cloud platforms like AWS, Azure, or GCP, you'll gain valuable insights into how to tailor your DevSecOps practices to meet specific environmental needs. By the end of this journey, you'll have a versatile skill set in DevSecOps, from understanding its foundational principles to knowing how to apply its practices in various technological environments. Whether you're a developer looking to gain an edge in your career or a security professional aiming to update your skill set, this course will equip you with the knowledge and tools you need to make security an integral part of your development process.
Track 1: Introduction to DevSecOps
In this track of the Introduction to DevSecOps Aspire Journey, the focus will be on security principles, shifting from DevOps to DevSecOps, DevSecOps lifecycle, methodologies, and Continuous Integration & Delivery (CI/CD). You will also explore different environments where DevSecOps can be applied such as on-premise setup or leveraging cloud platforms like AWS, Azure, or GCP.
- 12 Courses | 16h 24m 15s
COURSES INCLUDED
Security Principles for DevSecOps
Computer systems and the Internet have changed the way the world does everyday activities. These innovations allow people and businesses to be more connected and accessible than ever before. However, as the Internet evolved, so did Internet security threats, including the sophistication of Internet scams and attacks. In this course, you will explore the history of computer systems and the Internet and discover the basic tenants of information security: confidentiality, integrity, and availability. You will discover different types of information security including application, cloud, and infrastructure security and explore information security risks including advanced persistent threats, insider threats, and ransomware. You will also learn to differentiate between InfoSec, cybersecurity, and DevSecOps. Finally, you will explore common benefits of DevSecOps, including delivery and security.
15 videos |
2h 14m
Assessment
Badge
DevSecOps Principles: From DevOps to DevSecOps
DevSecOps stands for development, security, and operations. DevSecOps is used to integrate security as a shared responsibility throughout the entire IT and development lifecycle. In this course, you will explore DevOps and DevSecOps and their roles in the development and operations teams. First, you will discover the key benefits and common practices of DevOps. Next, you will investigate fundamental DevSecOps requirements like automation, collaboration, and policy, and the potential challenges of adopting DevOps or DevSecOps. Then you will examine common industries, such as automotive, healthcare, and finance, that can implement and benefit from DevSecOps. Finally, focus on the steps to prepare a team to embrace DevSecOps.
14 videos |
1h 24m
Assessment
Badge
The DevSecOps Life Cycle
The DevSecOps life cycle is a methodology implemented by software development teams to ensure products are delivered in a timely and efficient manner. This multi-phase life cycle is designed to guide personnel and teams as efficiently as possible through the end-to-end process of product development. Begin this course, by differentiating between the waterfall and agile models for software development. Then you will explore each phase of the DevOps life cycle in detail, including continuous development, continuous integration, ongoing testing, continuous deployment, continuous feedback, continuous monitoring, and continuous operations. Next, you will discover DevSecOps pipelines, focusing on security code reviews, security testing, scans, monitoring, and reporting. You will learn about the guiding principles and common benefits of automation in DevSecOps. Finally, you will investigate shift left testing and security principles and best practices.
15 videos |
1h 32m
Assessment
Badge
DevSecOps Methodologies
DevSecOps allows developers and project managers the ability to automate, monitor, and apply security at all phases of the software life cycle. This includes the planning, developing, building, testing, releasing, delivering, deploying, operating, and monitoring phases. In this course, you will explore factors that define DevSecOps as a methodology or framework. Discover the benefits of using the CALMS and Three Ways frameworks, and the reasons to integrate security into the application development life cycle. Examine key considerations when migrating from the DevOps life cycle to the DevSecOps life cycle and investigate the roles of the code analysis and change management phases. Explore other DevSecOps phases including compliance, threat assessment, research, and vulnerability analysis. Finally, learn how DevSecOps has become inherently decentralized, and why decentralization is critical.
14 videos |
1h 28m
Assessment
Badge
DevSecOps in Continuous Integration & Delivery (CI/CD)
Continuous integration and continuous delivery (CI/CD) is a coding philosophy and set of practices used by application development teams to deploy and deliver rapid, reliable code changes. You will often hear CI/CD referenced alongside DevOps, which is a collection of ideas, practices, processes, and technologies used by project and development teams to streamline product development. In this course, you will explore the fundamental elements and benefits of CI/CD and the key differences between CI/CD and DevOps. Then you will discover how an effective DevSecOps pipeline can help ensure security. Next, you will investigate the potential security vulnerabilities associated with each phase of the DevSecOps pipeline. Finally, you will examine common DevSecOps security recommendations, such as implementing secure coding guidelines, building security into applications, and validating input data.
13 videos |
1h 20m
Assessment
Badge
DevSecOps On-premises
On-premises IT solutions generally relate to IT infrastructure hardware and software applications that are hosted and managed locally on-site. On-premises implementations require more local resources, including a staff that is responsible for maintaining its solutions and all its related processes. In this course, you will discover the key differences and benefits of an on-premises implementation, compared to those of a cloud or hybrid solution. Then you will explore the common roles and responsibilities of a DevSecOps team, including the chief information security officer (CISO), security champion, developer, and security team roles. Finally, you will learn how to create a positive DevSecOps team culture and security posture and delve into the three pillars of DevSecOps: test-driven security, monitoring and responding to security incidents, and risk assessment.
15 videos |
1h 33m
Assessment
Badge
DevSecOps in AWS
DevSecOps enables the integration of security testing at every stage of the software development process. Amazon Web Services (AWS), for example, offers various tools and services that enable collaboration between developers, security specialists, and operation teams, allowing for efficient and secure software builds. In this course, you will continue to explore DevSecOps, including roles and responsibilities as they relate to development, security, and operations in AWS. Next, you will discover the components required for a successful DevSecOps implementation in AWS, including code analysis, change management, compliance, threat modeling, and security training. Then you will investigate AWS services used for continuous integration and continuous delivery (CI/CD), including AWS CodeBuild, AWS CodeCommit, and AWS CodeDeploy and you will examine the AWS tools and services that enable better testing, logging, monitoring, auditing, governance, and operating services. Finally, you will identify the common challenges of implementing DevSecOps.
16 videos |
1h 29m
Assessment
Badge
DevSecOps in Azure
Microsoft Azure is a collection of various cloud computing services that provide a wide range of services, including compute, storage, analytics, and networking. In this course, you will discover how Azure DevOps can help plan tasks, collaborate, and build and deploy applications. Next, you will explore capabilities enabled by Azure that can help ease into a DevSecOps workflow. You will focus on best practices for moving towards a DevSecOps process and investigate common challenges of implementing DevSecOps in Azure. Then, you will learn how to build and deploy containers with Azure Pipelines, ensure security with Azure Configuration Scanning, and manage identities and access with Azure Active Directory (Azure AD). Finally, you will examine Azure tools and services such as Azure Key Vault to manage keys and secrets and Azure Policy to create, assign, and manage policy definitions in an Azure environment.
15 videos |
1h 26m
Assessment
Badge
DevSecOps in GCP
Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products and includes a range of hosted services for compute, storage, and application development. In this course, you will explore the security, privacy, and compliance features of the GCP. Discover the five layers of GCP security, including cloud infrastructure, products and services, blueprints for security posture, workload, and applications, and solution packages. Investigate the tenants of GCP, including secure-by-design, the Security Operations Suite, zero trust security, and continuous integration and continuous delivery (CI/CD). Finally, find out how the Google Cloud Logging service can be used to review data for the DevSecOps pipeline.
16 videos |
1h 26m
Assessment
Badge
DevSecOps and Containers
Containers are units of software that package code and its dependencies to ensure applications run quickly and reliably across environments. In this course, you will explore the key differences between virtualization and containerization and the key benefits provided by both. Then you will differentiate between Kubernetes and Docker container solutions and find out why more teams are adopting containers. Next, you will examine how containers make DevSecOps. You will investigate common security challenges presented by containers, such as attack surface size, and you will learn how features such as application programming interface (API) microgateways can be used to complement programming language frameworks to help secure development practices. Then you will focus on how Cloud Native Buildpacks (CNB) and Paketo can be used to build modular container images that can help transform source code using modular, reusable build functions. Finally, you will learn how a strong culture can help provide top-tier container security.
13 videos |
1h 8m
Assessment
Badge
Important DevSecOps Tools
DevSecOps stands for development, security, and operations, and is used to inject security earlier in the software development life cycle (SDLC). In this course, you will explore the various categories of DevSecOps, starting with static analysis security testing (SAST) and dynamic analysis security testing (DAST). Next, you will discover common SAST and DAST DevSecOps tools including Bandit, Clean Code, looks good to me (LGTM), OWASP Zed Attack Proxy (ZAP), and Nikto, and examine dependency analysis and related dependency analysis tools. Then, you will investigate infrastructure as code (IaC) security and the leading IaC security tools, including Anchore, Clair, Dagda, OpenSCAP, dockscan, and InSpec. Finally, you will find out how secrets management is used to manage passwords, keys, application programming interfaces (APIs), and tokens, and you will identify the benefits of vulnerability management and assessment practices.
15 videos |
1h 18m
Assessment
Badge
Final Exam: Introduction to DevSecOps
Final Exam:Introduction to DevSecOps will test your knowledge and application of the topics presented throughout the Introduction to DevSecOps journey.
1 video |
32s
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
