Mohammed A. Imran, profile picture
Uploaded byMohammed A. Imran
4,031 views

Practical DevSecOps Course - Part 1

This document outlines the comprehensive DevSecOps course offered by Teachera.io, focusing on integrating security into DevOps and CI/CD pipelines. It emphasizes practical steps to transform organizations from traditional methods to a DevSecOps approach, covering essential topics like secrets management and compliance as code. The course is free and designed to equip participants with the skills needed to embed security confidence and efficiently manage software development and operations.

Technology
In this document
Powered by AI

Overview of a DevSecOps course that integrates security in DevOps and CI/CD processes.

Definitions and core principles of DevSecOps, focusing on flexibility, reliability, and the importance of culture, automation, and measurement.

Comparison of traditional SDLC and secure SDLC, emphasizing the impact of Agile methodologies on speed and security.

Instructions for setting up a DevSecOps environment using DevSecOps Studio, including installation of necessary tools.

Contact details for further engagement with the DevSecOps course team, highlighting their global presence.

Embed presentation

Practical DevSecOps The most comprehensive DevSecOps Course @teacheraioɂ www.teachera.io info@teachera.io
2 Mohammed A. Imran Senior Security Engineer # whoami • Author, Speaker and Community Leader. • Practicing DevSecOps from past 3 years. • Organised around 100 monthly security meetings and about 50 workshops. • Maintainer of DevSecOps Studio and Awesome Fuzzing Projects. • SCJP, OSCP, OSCE • Reachable on social media platforms @secfigo
3 Introduction to DevSecOps Secure SDLC and CI/CD Tools of the Trade Embed Tools in CI/CD Practical DevSecOpsCOURSE COST $ FREE teachera.io/devsecops-course/ In this course, we will learn how to take your organization from conventional shop to a DevSecOps shop in easy to follow steps. Welcome to the world's most comprehensive DevSecOps course. By the end of this course, you will be able to embed security as part of DevOps or in CI/CD pipelines with confidence. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as secrets management, configuration management, Infrastructure as code, compliance as code etc., Questions? Ask on Slack - https://teacheraio.herokuapp.com/ Manage secrets in the cloud CM with Ansible System hardening Compliance as Code
4 OWASP AppSec Pipeline
5 Tools of the Trade
In this section, we will cover the introduction to DevSecOps, advantages and Core principles. Introduction to DevSecOps 1
7 DevOps is a software engineering practice that aims at unifying software development (Dev) and software operation (Ops). - wikipedia DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality - Bass, Weber, and Zhu By definition, security is part of DevOps. DevSecOps Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
8 Flexibility With ever changing technology, businesses have to be flexible and fast to deliver value to their customers otherwise they risk losing the business. Reliability Customers need more reliable & available systems. DevOps reduces failure rates. Resilience DevOps helps organisations in designing and implementing resilient systems. Automation Automation helps to reduce complexity of modern systems and can scale as per needs Speed Speed is competitive advantage and DevOps helps to go to market faster. Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
9 Culture DevOps is about breaking down barriers between teams; without culture other practices fail C A M S Measurement Measuring activities in CI/CD helps in informed decision making among teams Automation Often mistaken as DevOps itself but a very important aspect of the initiative. Sharing Sharing tools, best practices etc., among the teams/organization improves confidence for collaboration. How to DevSecOps ? Core Values of DevOps
10 Traditional SDLC Requirements Gather Requirements from the client/customer Implementation Implement the design agreed upon Maintain Maintenance of the software Deploy Deploy the software to the production Design Design the software according to the requirements
11 Traditional Secure SDLC
12 Enter the change Agile Everything changed after agile, much shorter development cycles and faster deploys to production. Speed with which changes are beyond security’s (operations) 🚨 reach. Then Agile Happened
D 13 Plan & Create Plan and implement the code using source code management (SCM) A Monitor Create Verify Package Release Configure DevOps Verify Test and verify the code does, what business wants. B Package Package the code in a deployable artifact & test it in staging environment C Release Release the artefact as production ready after change/release approvals Configure Configure the application/ stack using configuration management E Monitor Monitor the application for its performance, security and compliance F DevOps Cycle
14 OWASP AppSec Pipeline
15 DevSecOps Pipeline
We will setup DevSecOps environment using DevSecOps Studio Setting up DevSecOps Environment 2
17 DevSecOps Studio is a virtual environment to learn and teach DevSecOps concepts. Its easy to get started and is mostly automatic. It takes lots of efforts to setup a DevSecOps environment for training/demos and more often, its error prone when done manually. DevSecOps Studio https://github.com/teacheraio/DevSecOps-Studio/
18 Lets up Git Server and DevSecOps box Install Vagrant, Virtualbox, Ansible and Follow the below steps. # Download the code $ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio # Download the ansible dependency roles $ ansible-galaxy install -r requirements.yml -p provisioning/roles # Setup the environment, takes an hour or less based on your internet speed. $ vagrant up
19 Contact Us USA | Singapore | India https://www.teachera.io info@teachera.io @teacheraio ſ https://teacheraio.herokuapp.com/

More Related Content

PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PDF
The State of DevSecOps
byDevOps Indonesia
 
PDF
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
PPTX
DevSecOps
byJoel Divekar
 
PDF
Introduction to DevSecOps
bySetu Parimi
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PDF
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
Introduction to DevSecOps
byabhimanyubhogwan
 
The State of DevSecOps
byDevOps Indonesia
 
DevSecOps and the CI/CD Pipeline
byJames Wickett
 
DevSecOps
byJoel Divekar
 
Introduction to DevSecOps
bySetu Parimi
 
2019 DevSecOps Reference Architectures
bySonatype
 
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 

What's hot

PDF
DevSecOps Implementation Journey
byDevOps Indonesia
 
PPTX
DevOps to DevSecOps Journey..
bySiddharth Joshi
 
PPTX
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
PPTX
DEVSECOPS.pptx
byMohammadSaif904342
 
PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
Security Process in DevSecOps
byOpsta
 
PDF
Demystifying DevSecOps
byArchana Joshi
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PDF
DevSecOps: Taking a DevOps Approach to Security
byAlert Logic
 
PDF
DevSecOps What Why and How
byNotSoSecure Global Services
 
PDF
Slide DevSecOps Microservices
byHendri Karisma
 
PPTX
How to Get Started with DevSecOps
byCYBRIC
 
PPTX
DevSecOps : an Introduction
byPrashanth B. P.
 
PDF
DevSecOps in Baby Steps
byPriyanka Aash
 
PPTX
DevSecOps
byCheah Eng Soon
 
PDF
Security champions v1.0
byDinis Cruz
 
PDF
Security in CI/CD Pipelines: Tips for DevOps Engineers
byDevOps.com
 
PDF
Practical DevSecOps - Arief Karfianto
byidsecconf
 
DevSecOps Implementation Journey
byDevOps Indonesia
 
DevOps to DevSecOps Journey..
bySiddharth Joshi
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
DEVSECOPS.pptx
byMohammadSaif904342
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps reference architectures 2018
bySonatype
 
Security Process in DevSecOps
byOpsta
 
Demystifying DevSecOps
byArchana Joshi
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
DevSecOps: Taking a DevOps Approach to Security
byAlert Logic
 
DevSecOps What Why and How
byNotSoSecure Global Services
 
Slide DevSecOps Microservices
byHendri Karisma
 
How to Get Started with DevSecOps
byCYBRIC
 
DevSecOps : an Introduction
byPrashanth B. P.
 
DevSecOps in Baby Steps
byPriyanka Aash
 
DevSecOps
byCheah Eng Soon
 
Security champions v1.0
byDinis Cruz
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
byDevOps.com
 
Practical DevSecOps - Arief Karfianto
byidsecconf
 

Similar to Practical DevSecOps Course - Part 1

PDF
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
PDF
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
PDF
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PPTX
Devops
bypenetration Tester
 
PDF
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
PPTX
DevSecOps: Integrating Security Into DevOps! {Business Security}
byAlgoworks Inc
 
PPTX
DevSecOps Story with added security controls
byHareeshNani5
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
PDF
Kickstart your DevOps path with core skills
byOmar Fathy
 
PDF
Learning Devsecops 1st Edition Steve Suehring
bymurdyamaruan
 
PDF
Working on DevSecOps culture - a team centric view
byPatrick Debois
 
PPTX
DevSecOps with Microsoft Tech
byDarin Morris
 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
PDF
Scale security for a dollar or less
byMohammed A. Imran
 
PPTX
DevOps in Practice
byDerek Chen
 
PPTX
DevOps and the Future of InfoSec
byDarin Morris
 
PDF
DevOps Transformation - Another View
byAgron Fazliu
 
PDF
You build it - Cyber Chicago Keynote
byJohn Willis
 
PPTX
You Build It, You Secure It: Introduction to DevSecOps
bySumo Logic
 
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
From DevOps to DevSecOps: Evolution of Secure Software Development
byScalaCode
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
Devops
bypenetration Tester
 
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
DevSecOps: Integrating Security Into DevOps! {Business Security}
byAlgoworks Inc
 
DevSecOps Story with added security controls
byHareeshNani5
 
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
Kickstart your DevOps path with core skills
byOmar Fathy
 
Learning Devsecops 1st Edition Steve Suehring
bymurdyamaruan
 
Working on DevSecOps culture - a team centric view
byPatrick Debois
 
DevSecOps with Microsoft Tech
byDarin Morris
 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
Scale security for a dollar or less
byMohammed A. Imran
 
DevOps in Practice
byDerek Chen
 
DevOps and the Future of InfoSec
byDarin Morris
 
DevOps Transformation - Another View
byAgron Fazliu
 
You build it - Cyber Chicago Keynote
byJohn Willis
 
You Build It, You Secure It: Introduction to DevSecOps
bySumo Logic
 

More from Mohammed A. Imran

PPT
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
byMohammed A. Imran
 
PDF
Pentesting RESTful webservices
byMohammed A. Imran
 
PDF
Exploit development 101 - Part 1 - Null Singapore
byMohammed A. Imran
 
PDF
Cross site scripting attacks and defenses
byMohammed A. Imran
 
PDF
Assembly language part I
byMohammed A. Imran
 
PDF
How to secure web applications
byMohammed A. Imran
 
PDF
How to find Zero day vulnerabilities
byMohammed A. Imran
 
PDF
In graph we trust: Microservices, GraphQL and security challenges
byMohammed A. Imran
 
PDF
About Null open security community
byMohammed A. Imran
 
PDF
Null Singapore Introduction
byMohammed A. Imran
 
PDF
Null Singapore 2015 accomplishments
byMohammed A. Imran
 
Automating security test using Selenium and OWASP ZAP - Practical DevSecOps
byMohammed A. Imran
 
Pentesting RESTful webservices
byMohammed A. Imran
 
Exploit development 101 - Part 1 - Null Singapore
byMohammed A. Imran
 
Cross site scripting attacks and defenses
byMohammed A. Imran
 
Assembly language part I
byMohammed A. Imran
 
How to secure web applications
byMohammed A. Imran
 
How to find Zero day vulnerabilities
byMohammed A. Imran
 
In graph we trust: Microservices, GraphQL and security challenges
byMohammed A. Imran
 
About Null open security community
byMohammed A. Imran
 
Null Singapore Introduction
byMohammed A. Imran
 
Null Singapore 2015 accomplishments
byMohammed A. Imran
 

Recently uploaded

PDF
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
PPTX
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PDF
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PPTX
Neo4j Fraud GraphTalk Singapore Nov 2025
bygourisachdeva2
 
PDF
Linux Foundation Certified System Administrator (LFCS) Exam.pdf
byLinuxCert Guru
 
PDF
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
PDF
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PDF
OutSystsems User Group Brabant November 2025
bymail496323
 
PPTX
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
PPTX
Explaining ourselves – people, computers and AI
byAlan Dix
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
PDF
Mutation Testing for Industrial Robotic Systems (FMAS 2025)
bySylvain Hallé
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
PDF
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
Neo4j Fraud GraphTalk Singapore Nov 2025
bygourisachdeva2
 
Linux Foundation Certified System Administrator (LFCS) Exam.pdf
byLinuxCert Guru
 
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
OutSystsems User Group Brabant November 2025
bymail496323
 
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
Explaining ourselves – people, computers and AI
byAlan Dix
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
Mutation Testing for Industrial Robotic Systems (FMAS 2025)
bySylvain Hallé
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 

Practical DevSecOps Course - Part 1

  • 1.
    Practical DevSecOps The mostcomprehensive DevSecOps Course @teacheraioɂ www.teachera.io info@teachera.io
  • 2.
    2 Mohammed A. Imran SeniorSecurity Engineer # whoami • Author, Speaker and Community Leader. • Practicing DevSecOps from past 3 years. • Organised around 100 monthly security meetings and about 50 workshops. • Maintainer of DevSecOps Studio and Awesome Fuzzing Projects. • SCJP, OSCP, OSCE • Reachable on social media platforms @secfigo
  • 3.
    3 Introduction to DevSecOps SecureSDLC and CI/CD Tools of the Trade Embed Tools in CI/CD Practical DevSecOpsCOURSE COST $ FREE teachera.io/devsecops-course/ In this course, we will learn how to take your organization from conventional shop to a DevSecOps shop in easy to follow steps. Welcome to the world's most comprehensive DevSecOps course. By the end of this course, you will be able to embed security as part of DevOps or in CI/CD pipelines with confidence. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as secrets management, configuration management, Infrastructure as code, compliance as code etc., Questions? Ask on Slack - https://teacheraio.herokuapp.com/ Manage secrets in the cloud CM with Ansible System hardening Compliance as Code
  • 4.
  • 5.
  • 6.
    In this section,we will cover the introduction to DevSecOps, advantages and Core principles. Introduction to DevSecOps 1
  • 7.
    7 DevOps is a softwareengineering practice that aims at unifying software development (Dev) and software operation (Ops). - wikipedia DevOps is a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality - Bass, Weber, and Zhu By definition, security is part of DevOps. DevSecOps Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
  • 8.
    8 Flexibility With ever changingtechnology, businesses have to be flexible and fast to deliver value to their customers otherwise they risk losing the business. Reliability Customers need more reliable & available systems. DevOps reduces failure rates. Resilience DevOps helps organisations in designing and implementing resilient systems. Automation Automation helps to reduce complexity of modern systems and can scale as per needs Speed Speed is competitive advantage and DevOps helps to go to market faster. Development (Software Engineering) Security (Quality Assurance) Operations DevSecOps
  • 9.
    9 Culture DevOps is aboutbreaking down barriers between teams; without culture other practices fail C A M S Measurement Measuring activities in CI/CD helps in informed decision making among teams Automation Often mistaken as DevOps itself but a very important aspect of the initiative. Sharing Sharing tools, best practices etc., among the teams/organization improves confidence for collaboration. How to DevSecOps ? Core Values of DevOps
  • 10.
    10 Traditional SDLC Requirements Gather Requirements fromthe client/customer Implementation Implement the design agreed upon Maintain Maintenance of the software Deploy Deploy the software to the production Design Design the software according to the requirements
  • 11.
  • 12.
    12 Enter the change Agile Everything changedafter agile, much shorter development cycles and faster deploys to production. Speed with which changes are beyond security’s (operations) 🚨 reach. Then Agile Happened
  • 13.
    D 13 Plan & Create Planand implement the code using source code management (SCM) A Monitor Create Verify Package Release Configure DevOps Verify Test and verify the code does, what business wants. B Package Package the code in a deployable artifact & test it in staging environment C Release Release the artefact as production ready after change/release approvals Configure Configure the application/ stack using configuration management E Monitor Monitor the application for its performance, security and compliance F DevOps Cycle
  • 14.
  • 15.
  • 16.
    We will setupDevSecOps environment using DevSecOps Studio Setting up DevSecOps Environment 2
  • 17.
    17 DevSecOps Studio isa virtual environment to learn and teach DevSecOps concepts. Its easy to get started and is mostly automatic. It takes lots of efforts to setup a DevSecOps environment for training/demos and more often, its error prone when done manually. DevSecOps Studio https://github.com/teacheraio/DevSecOps-Studio/
  • 18.
    18 Lets up GitServer and DevSecOps box Install Vagrant, Virtualbox, Ansible and Follow the below steps. # Download the code $ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio # Download the ansible dependency roles $ ansible-galaxy install -r requirements.yml -p provisioning/roles # Setup the environment, takes an hour or less based on your internet speed. $ vagrant up
  • 19.
    19 Contact Us USA |Singapore | India https://www.teachera.io info@teachera.io @teacheraio ſ https://teacheraio.herokuapp.com/