DevSecOps: Beginner Edition

Get a hands-on introduction to DevSecOps basics with a focus on implementing DevOps and DevSecOps pipelines in on-premise, hybrid and public cloud models.
Starts: 07 July 2021  Duration: 4 weeks
Recordings of live sessions included!

What You'll Learn

This is a 4-week beginner bootcamp that will teach you the basics of DevSecOps. You will learn how to use different tools and techniques to plan and create a DevOps pipeline, integrate security into it, and automate security testing, auditing, compliance and infrastructure security. You will have the opportunity to reinforce the essential concepts taught by building pipelines hands-on in our purpose-built labs.

Completing the bootcamp and passing the certification exam will arm you with the skills and knowledge required to enter the security industry as a Junior DevSecOps Professional.
  • 4 Live Sessions

  • 2.5 hrs per session

  • Over 50 Lab Exercises

  • 1 PADSOP Attempt

  • Recordings of Live Sessions

Build Your Cybersecurity Credentials

  • Become a Pentester Academy DevSecOps Professional (PADSOP)

A PADSOP certification holder is proficient in implementing both DevOps and DevSecOps pipelines, and automating security testing, auditing, compliance and infrastructure security.
  • Bootcamp Completion Certificate

Attendees will also get a course completion certificate after attending all 4 live sessions.

Live Session Schedule

Weekly 2 hr 30 min sessions start at 10:00am ET and end at 12:30pm ET.
  • 07 July 2021: Introduction to DevOps
  • 14 July 2021: DevSecOps: Adding Security to DevOps Part I
  • 21 July 2021: DevSecOps: Adding Security to DevOps Part II
  • 28 July 2021: DevSecOps Pipelines on GitLab

Prerequisites

1. Basic knowledge of computers and networking
2. Familiarity with the Linux Operating System
3. Familiarity with DevOps components is useful, but not essential

Bootcamp Syllabus

Module I: Introduction to DevOps

Learn the basics of DevOps and SDLC (Software Development Life Cycle) processes, and the components required to implement a DevOps pipeline. Plan a pipeline for a web application and implement it for an on-premise setup involving virtual machines.
  • What is SDLC?
  • What is DevOps?
  • DevOps Building Blocks and Principles
  • Need for DevOps
  • What is Continuous Integration and Continuous Deployment?
  • Continuous Integration to Continuous Deployment to Continuous Delivery
  • Continuous Delivery vs Continuous Deployment
  • General workflow of CI/CD pipeline
  • Phases of DevOps Pipeline
  • Code Environment (IDE)
  • Version Control System (VCS)
  • Basics of Git VCS
  • Self-hosted VCS i.e. GitLab, SCM
  • Publicly available VCS e.g. GitLab, GitHub, BitBucket
  • Building the Project
  • Manual Build vs Automated Build
  • Build Systems e.g. Maven, make, Dockerfile, Packer
  • Testing
  • Manual Testing vs Automated Testing
  • Automated Unit Testing e.g. JUnit, Pytest
  • Automated Functional Testing e.g. Selenium
  • Deployment
  • Manually creating the setup
  • Infrastructure as Code e.g. Ansible, Chef
  • Continuous Integration (CI)
  • Benefits of CI
  • CI solutions e.g. Jenkins, GitLab CI
  • Lab: Continuous Integration lab for Django Webapp
  • Monitoring
  • Importance of Monitoring
  • Monitoring with Nagios
  • Concept and explanation of what to monitor
  • Maintenance
  • Issue Tracking
  • Documentation
  • Case studies on DevOps Pipelines
  • Plan a DevOps Pipeline for a WebApp
  • Implement DevOps Pipeline for an on-premise model

Module II: DevSecOps: Adding Security to DevOps

This module is covered in Weeks 2 and 3 of the bootcamp.

Understand the secure SDLC and the concept of integrating security into the DevOps process, learn to perform threat modeling, identify the security components for the DevOps pipeline, and install and configure the security tools to convert a DevOps pipeline into a DevSecOps pipeline.
  • What is Secure SDLC?
  • Secure SDLC phases
  • DevSecOps Maturity Model (DSOMM)
  • Adding Security to DevOps
  • Phases of DevSecOps Pipeline
  • Threat modelling
  • What is Threat Modelling?
  • STRIDE vs DREAD approaches
  • Using ThreatSpec and BDD Security
  • Automated Code Review
  • What is Automated Code Review?
  • Using FindSecBugs, PMD, DevSkim tools
  • Sensitive Information Scan
  • What is Sensitive Information Scan?
  • Using Talisman, GitSecret, Trufflehog
  • Static Code Analysis (SAST)
  • What is SAST?
  • Using SonarQube, Graudit and Flawfinder
  • Dynamic Code Analysis (DAST)
  • What is DAST?
  • Using OWASP ZAP, Arachni
  • Software Component Analysis
  • What is Software Component Analysis?
  • Using OWASP Dependency-Check, Retire.js and Safety
  • Vulnerability Management and Vulnerability Assessment
  • What is Vulnerability Management and Vulnerability Assessment?
  • Using ArcherySec, DefectDojo, OpenVAS
  • Compliance as Code
  • What is Compliance as Code?
  • Using InSpec and Serverspec
  • Secret Management
  • Need for Secret Management
  • Using HashiCorp Vault, Torus
  • Case studies on DevSecOps Pipelines
  • Identify security components for the WebApp DevOps pipeline created in the last session
  • Integrate the security components to form a DevSecOps pipeline

Module III: DevSecOps Pipelines on GitLab

Learn about GitLab CI fundamentals and the configuration needed to create a DevSecOps pipeline on it. GitLab can be hosted on-premise, used as the hosted service GitLab.com, or installed on cloud infrastructure, making it a good choice for the DevSecOps process.
  • Designing a DevOps Pipeline for a Django Web Application
  • Identifying the DevSecOps components to integrate
  • Introduction to GitLab CI
  • Writing .gitlab-ci.yml
  • Configuring Environment variables
  • Using secrets securely
  • Configuring Runners
  • Implementing Pipeline using GitLab CI
  • Integrating security tools

Meet the instructor

Nishant Sharma

Nishant Sharma leads R&D at Pentester Academy and Attack Defense. He has 8+ years of experience in the information security field including 6+ years in WiFi security research and development. He has presented research and conducted workshops at Blackhat USA/Asia, DEF CON China, HITB, RootCon, Packet Hacking Village, Wireless Village, IoT village and Demo labs (DEFCON USA).

Nishant’s Twitter handle is also @wifisecguy, which should tell you all you need to know about his research interests.