Course : DevSecOps, state of the art and best practiceshow to take your development to the next level
Seminar - 1d
- 07h - Ref. DSF
|
Download in PDF format
Share this course by email
 | Understand the DevSecOps development cycle for container-based architectures deployed in the cloud |
| Understand the types of testing and associated tools that can be integrated into a DevSecOps cycle |
| Be able to plan the transition from a DevOps organization to a DevSecOps organization |
Intended audience
HR managers, CIOs, CISOs, security managers, project managers, consultants, administrators.
Prerequisites
Basic knowledge of the DevOps development cycle.
Course schedule
1 What is DevSecOps?
- The DevOps development cycle. The different environments (development, test, production).
- DevOps with security taken into account at the end of the development cycle.
- Slide the safety tests to the left.
- The DevSecOps development cycle.
2 DevSecOps and distributed container architectures
- Container principles. Their benefits for continuous deployment.
- Container flexibility. Security advantages and disadvantages.
- Integrate code analysis into the development pipeline. Test container security.
- Test the security of the production environment. Log analysis tools, SIEM. Feedback to developers.
3 The real challenges of taking safety into account
- The skills gap. DevOps team members are not security experts.
- The security team is separated from the DevOps team.
- Correctly use the security features offered by the supplier.
- Transient containers and microservices are difficult to monitor. The Aqua.
- Cloud deployment risks. Resource configuration.
- Legacy applications and how to take them into account in the development cycle.
4 Best practices for the transition to DevSecOps
- Managing change. Roles involved, organizational issues, training plan, action plan.
- Cloud security best practices. CSA standards. ENISA risks.
- Evaluate the security of your cloud providers. Take account of your supplier's security SLAs.
- Integrate security locks that make it impossible to deploy an unsecured environment.
- Pushing automation all the way to Infrastructure as Code (IaC). Integrate system and security teams.
- Automate continuous monitoring.
- Integrate monitoring of vulnerability announcements (especially for open source software).
Publication date : 07/24/2024
PARTICIPANTS
HR managers, CIOs, CISOs, security managers, project managers, consultants, administrators.
PREREQUISITES
Basic knowledge of the DevOps development cycle.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.
HR managers, CIOs, CISOs, security managers, project managers, consultants, administrators.
PREREQUISITES
Basic knowledge of the DevOps development cycle.
TRAINER QUALIFICATIONS
The experts leading the training are specialists in the covered subjects. They have been approved by our instructional teams for both their professional knowledge and their teaching ability, for each course they teach. They have at least five to ten years of experience in their field and hold (or have held) decision-making positions in companies.
ASSESSMENT TERMS
The trainer evaluates each participant’s academic progress throughout the training using multiple choice, scenarios, hands-on work and more.
Participants also complete a placement test before and after the course to measure the skills they’ve developed.
TEACHING AIDS AND TECHNICAL RESOURCES
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
• The main teaching aids and instructional methods used in the training are audiovisual aids, documentation and course material, hands-on application exercises and corrected exercises for practical training courses, case studies and coverage of real cases for training seminars.
• At the end of each course or seminar, ORSYS provides participants with a course evaluation questionnaire that is analysed by our instructional teams.
• A check-in sheet for each half-day of attendance is provided at the end of the training, along with a course completion certificate if the trainee attended the entire session.
TERMS AND DEADLINES
Registration must be completed 24 hours before the start of the training.
ACCESSIBILITY FOR PEOPLE WITH DISABILITIES
Do you need special accessibility accommodations? Contact Mrs. Fosse, Disability Manager, at psh-accueil@orsys.fr to review your request and its feasibility.