by Gurpreet Sachdeva | Publisher: Packt Publishing | Release Date: December 2018 | ISBN: 9781788394901

Secure DevOps - The Road to Continuous Security in development lifecycleAbout This VideoA practical course that will teach you to protect your organization with a collaboration of DevOps and security.Integrate security step-by-step at every layer of the DevOps pipeline with practical sessions.Real-life scenarios and case studies of DevOps unicorns such as Etsy, Netflix, Google, etc. In DetailDevOps enables rapid application development while security teams follow a traditional way of performing security checks. If security (that is, configuration checks, code analysis, vulnerability scanning, and more) is not adequately automated then it leads to increased security violations and hacking/phishing attacks. Integrating security in the DevOps ethos helps fix flaws earlier in the development process. This course shows you how to apply DevOps security best practices at every stage in your DevOps pipeline. You will learn proven approaches to reducing vulnerability and strengthening your defenses against attack. You will understand using security as code with the intent of making security and compliance consumable as a service. This course explains how DevOps security practices differ from traditional security approaches and provides techniques to embed governance and cybersecurity functions throughout the DevOps workflow. By the end of the course, you will have learned best practices in DevSecOps, the core concepts of secure DevOps, and how security can be integrated into the development pipeline.The code bundle for this video course is available at - https://github.com/PacktPublishing/Practical-DevOps-Security-Video

1. Chapter 1 : Integrate Security within DevOps
   • The Course Overview 00:02:27
   • Integrate Security for a DevOps World 00:05:03
   • Risk Management in a Rapidly Changing World 00:06:28
   • Key Principles and Benefits of Secure DevOps 00:04:46
   • Business-Driven Security Strategies 00:04:06
   • OWASP Security Guidelines 00:03:59
2. Chapter 2 : Applying Shift Left Security Approach
   • Integrating Security Into CI/CD Pipeline 00:03:16
   • Automated Security Testing 00:03:22
   • Tools of the Trade 00:02:47
   • Red and Blue Teams 00:03:00
3. Chapter 3 : Securing Development Practices
   • Security Requirements 00:03:58
   • Architectural Considerations 00:02:34
   • Threat Modeling, Data Flow Diagrams, and Attack Surface 00:07:51
   • Identity and Access Management 00:03:05
   • Code Inspection 00:03:34
   • Environment Hardening 00:06:00
4. Chapter 4 : Security Verification in the Pipeline
   • What Is Static Application Security Testing? 00:04:18
   • Embed SAST into the CI/CD Pipeline 00:07:18
   • What Is Dynamic Application Security Testing? 00:02:23
   • Embed DAST Into the Pipeline 00:03:03
   • Runtime Application Self-Protection (RASP) versus Interactive Application Security Testing (IAST) 00:02:18
   • Software Composition Analysis 00:02:01
5. Chapter 5 : Deploy Secure Software
   • Infrastructure as Code 00:03:40
   • Key Management and Identity Management 00:02:16
   • Chaos Monkey and Fuzz Testing 00:02:19
6. Chapter 6 : Security in System Monitoring
   • Security Monitoring 00:05:48
   • Governance, Risk, Compliance and Audit 00:03:59
   • Incident Response and Forensics 00:07:20