SFD262 – DevSecOps Bootcamp
Categories: AdvDevOps, Kubernetes
Course Content
Course Intro
-
Welcome Message
02:08
INTRODUCTION TO DEVSECOPS
-
Chapter Intro
01:17 -
Learning Objectives
-
Why care about DevSecOps
-
Path that led to DevSecOps
-
What is DevSecOps ?
-
How to DevSecOps
-
Understanding Modern Application
-
Application Security Risks
-
Layers of Onions Approach to Security
-
DevSecOps Practices and Delivery Pipeline
-
Selecting the Right Tools
-
Reading List/References
-
Summary
-
Knowledge Check (TODO) -**
Setting Up a Learning Environment
-
Chapter Intro
03:21 -
Launching a Kubernetes Cluster with GKE
05:23 -
Setting up Firewall Rules
02:43 -
Launching a Linux Development Environment
10:32 -
Configuring Google Cloud SDK and Kubectl
08:21 -
Install Helm Package Manager
03:30 -
Summary
-
Lab 3
Building a DevOps Pipeline
-
Chapter Intro and Learning Objectives
01:31 -
Installing Jenkins with Helm
07:38 -
Configuring Jenkins
03:50 -
Analyzing the Jenkinsfile Pipeline as a Code
06:57 -
Launching a Simple DevOps Pipeline
06:38 -
Building an Image with Docker
04:17 -
Why use Kaniko to build Container Images ?
04:41 -
Adding the Image Build and Publish Stage to the Pipeline
10:02 -
Summary
-
Lab 4
Securing the Supply Chain with SCA
-
Chapter Intro
01:26 -
Learning Objectives
-
What is Software Component Analysis
-
Using the Dependency Checker for SCA
04:14 -
Using Pyraider as a Python SCA
05:10 -
Adding the Software Composition Analysis (SCA) Stage to the Pipeline
04:51 -
Scanning Open Source Licenses
05:03 -
Setting up Dependency Tracker
05:31 -
Troubleshooting Kubernetes Resource Issues
08:00 -
Connecting Jenkins with Dependency Tracker
05:53 -
Adding SBOM Stage to the Pipeline
07:41 -
Cleaning up
05:38 -
Summary
-
Lab 6
Static Application Security Testing (SAST)
-
Chapter Intro
01:41 -
Learning Objectives
-
What is SAST
-
Using SCAN (slscan.io)
09:32 -
Adding the SAST Stage to the Pipeline
05:40 -
Configuring SCA to Fail
04:16 -
Fixing Dependency Issues
03:00 -
Updating the License Approval List
07:08 -
Summary
-
Lab 7
Auditing Container Images
-
Chapter Intro
01:29 -
Learning Objectives
-
Container Image Linting and Scanning
-
Linting Images with Dockle
05:53 -
Scanning Images for Vulnerabilities with Trivy
05:35 -
What Is a Multi-Stage Dockerfile?
05:11 -
Securing Images with a Multi-Stage Dockerfile
09:37 -
Running a Container as Non Root
05:36 -
Configuring Health Checks
05:56 -
Adding Image Analysis to the Pipeline
05:04 -
Summary
-
Lab 8
Secure Deployment and Dynamic Application Security Testing DAST
-
Chapter Intro
01:35 -
Learning Objectives
-
Secure Deployments with GitOps
-
Setting Up ArgoCD
06:03 -
Configuring the ArgoCD CLI
04:27 -
Kubernetes Deployment Objects
06:11 -
Generating Kubernetes YAML Manifests
05:44 -
Deploying to Kubernetes with ArgoCD
06:42 -
Secure Deployment Workflow – Argo + Jenkins
-
Authorizing Jenkins to Deploy Remotely with Argo
-
Adding an Automated Deploy Stage to the Jenkins Pipeline
07:21 -
DAST with OWASP ZAP
-
DAST Scan with ZAP
05:21 -
Summary
-
Lab 9
System Security Auditing with IaaC
-
Chapter Intro
01:49 -
Learning Objectives
-
Compliance as a Code and InSpec
-
Compliance Scanning with InSpec
09:36 -
Using the DevSec Hardening Framework
05:57 -
Configuring the SSH Pipeline Steps Plugin
09:47 -
Troubleshooting SSH in the Pipeline
05:20 -
Adding the Compliance Scan to the Pipeline
04:08 -
Installing and Configuring Ansible
05:04 -
Enforcing Compliance Remediation with Ansible
00:00 -
Modifying InSpec Controls
04:58 -
Running Daily SecOps Pipeline
00:00 -
Summary
-
Lab 10
Securing Kubernetes Deployments
-
Chapter Intro
02:32 -
Learning Objectives
-
Securing Kubernetes
-
Setting Up a Single Node Kubernetes Environment
07:34 -
Running CIS Benchmark Scans for Kubernetes
05:26 -
Hunting for Vulnerabilities with Kube Hunter
05:48 -
Scanning the Kubernetes Deployment Code with Kubesec
05:21 -
Defining Resource Constraints
03:05 -
Configuring the Security Context for a Pod
12:37 -
Mounting the Root Filesystem as Read-Only
06:14 -
System Calls and the SecComp Profile
-
Restricting Syscalls with Seccomp
08:31 -
Configuring RunAsUser and ServiceAccounts
09:09 -
Reading List/References
-
Summary
-
Lab 11
Secrets Management with Vault
-
Chapter Intro
01:09 -
Learning Objectives
-
Kubernetes Secrets Management with Vault
-
Installing Vault Using Helm
-
Adding Secrets to the Vault
04:38 -
Writing Policy and Kubernetes RBAC
05:53 -
Injecting a Secret into the Pod
05:22 -
Injecting a Secret into the Pod
09:25 -
Customizing Secrets using Templates
-
Rotating Secrets with Vault
-
Summary
-
Lab 12
Runtime Security Monitoring and Remediation
-
Chapter Intro
02:15 -
Learning Objectives
-
Runtime Analysis
-
How does Falco Work ?
-
Installing the Falco Runtime Security Engine
05:50 -
Detecting Runtime Anomalies
00:00 -
Adding Custom Application Rules
00:00 -
Building an Automated Response Engine
00:00 -
Deploying Argo Events and Workflow with Falco
00:00 -
Troubleshooting Falco on GKE
00:00 -
Examining Argo Workflow
00:00 -
Reading List/References
-
Response Engine in Action
00:00 -
Summary
-
Lab 13
Student Ratings & Reviews
No Review Yet
