DevSecOps Training

1.1: DevOps and Security Challenges

• Principles and Patterns behind the DevOps
• Identifying how DevOps works and keys to success

1.2: DevOps Toolchain

• GitFlow
• GitHub Actions
• Building CI/CD pipelines through CodePipeline, Azure DevOps, and Jenkins
• GitLab CI/CD
• Jenkins
• Securing the DevOps workflows
• Threat model and secure your deploy and build environment

1.3: Secure DevOps tools and Workflows

• Conducting efficient risk evaluations and threat modeling in the rapidly changing environment.
• Designing and Writing the automated security checks and tests in the CI/CD.
• Strengths and Weaknesses of automated testing approach in Continuous Delivery.
• Inventory and patch our software dependencies
• Wire the security scanning into the CodePipeline, Jenkins, and Azure DevOps workflows

1.4: Pre-commit Security Controls

• Git Hook Security
• Rapid Risk Assessment
• Branch Protections
• Code Editor Extensions
• Peer Reviews
• Code Owners

1.5: Commit Security Controls

• Component Analysis
• Static Analysis Security Testing

1.6: Secrets Management

• Handling Secrets in the CI/CD
• AWS SSM Parameter store
• Azure Key Vault
• HashiCorp Vault
• AWS Secrets Manager

2.1: Cloud Infrastructure as Code

• Cloud Infrastructure as Code
• AWS Cloud Information
• Deploying the Terraform
• Cloud Infrastructure as the cloud security analysis

2.2: Configuration Management as Code

• Automating the Configuration Management in the CI/CD
• Building the Gold Images with the Packer and Vagrant
• Using Ansible to configure the Virtual Machines
• Buiding the Gold Images  
• Certifying the Gold Images with the InSpec

2.3: Container Security

• BuildKit and Dockerfile Security
• Base Image Hardening with the Conftest and Hadolint
• Container Registry Security
•  Container Image Security
• Scanning the Container Images with the Docker Scan and Trivy
• Container Scanning with the Azure ACR and AWS ECR

2.4: Acceptance Stage Security

• Vulnerability Management in the DevSecOps
• Dynamic Application Security Testing

3.1: Cloud Deployment and Orchestration

• AWS CodePipeline
• Azure Pipelines
• Cloud Container Orchestration
• Azure Kubernetes Service
• Elastic Container Services

3.2: Security in the Cloud CI/CD

• AWS CodeBuild Security Integrations
• Software Composition Analysis
• Azure DevOps Security Extensions

3.3: Cloud Workload Security

• Cloud Storage Access Control
• Privilege Esçalation & Workload Identity
• TLS Hardening and Misconfiguration

3.4: Continuous Security Monitoring

• Monitoring and Feedback Loops from the production to the engineering
• Cloud Metrics and Logging
• Log Analytics and Azure Monitor
• AWS CludWatch Log Insights
• Kusto Query Language
•  AWS CloudWatch Dashboards
• Automated Stack Alerts
• OS Query

3.5: Data Protection Services

• Azure Service Integration
• Azure Key Vaults
• AWS Service Integration
• AWS KMS