DevSecOps Engineering and Automation

The process to release software to users is often painful, risky and time consuming. Continuous Delivery can help large organisations to become lean, agile and innovative by having reliable and low risks releases, making it possible to adapt continuous updates in line with user feedback, market shifts and changes to business strategies.

As a result, the entire delivery process is accelerated while improving the quality. Teams from test, support, development and operations function and work together as one delivery team.

Over the past several years, information security has struggled to keep up with the fast-paced DevOps movement. DevSecOps — an extension of DevOps — aims to remedy this by embracing security as an essential part of DevOps culture. 

This DevSecOps Engineering and Automation short course aims to provide a 5 Days in-depth understanding of DevSecOps Engineering and Automation concepts, practices and tools.

Participants will learn both the theoretical concepts and practical modules in lectures and hands-on workshops.

Who Should Attend

This is an intermediate course, suitable for:

• Delivery Managers

• Configuration Managers

• Project Leaders

• Software Developers

• Software Designers

• Others who need to implement DevSecOps Engineering and Automation methods in their project

Pre-requisites

• Have experience in software development

• Be Familiar with Software Configuration Management

• Be experienced in installing and configuring software

• Know Shell scripting

• Have experience deploying code to production

• Pre-reading of the materials such as: Puppet, Dockers, Containers, GitHub and Jenkins

What to Bring

No printed copies of course materials are issued.

Participants must bring their internet-enabled computing device (laptops, tablet etc) with power charger to access and download course materials.

What Will Be Covered

This course will cover:

• Introduction to DevSecOps

• Software Configuration Management

• Software Build Management

• Continuous Integration and Continuous Delivery (includes Application Release Automation)

• Secure CI/CD pipeline

• Software Composition Analysis (SCA)

• Continuous Integration

• Agile Automated Testing

• Automating Static Analysis Security Testing (SAST)

• Automating Dynamic Analysis Security Testing (DAST)

• Infrastructure as Code

• Secure coding practices

• Compliance as Code (CaC)

• Vulnerability Assessment (VA)

• Containers and Container Management

• DevOps in the Cloud

• DevSecOps Challenges& solutions

• Business metrics and dashboards

• DevSecOps Maturity Model (DSOMM)