Organizations are moving to the cloud to enable digital transformation and reap the benefits of cloud computing. However, security teams struggle to understand the DevOps toolchain and how to introduce security controls in their automated pipelines responsible for delivering changes to cloud-based systems. Without effective pipeline security controls, security teams lose visibility into the changes released into production environments. Upfront peer code reviews and security approvals may not occur for change approval and audit requirements. Missing infrastructure and application scanning can allow attackers to find an entry point and compromise the system. Cloud security misconfigurations may publicly expose sensitive data or introduce new data exfiltration paths.
Security teams can help organizations prevent these issues using DevOps tooling and cloud-first best practices. SEC540 provides development, operations, and security professionals with a deep understanding of and hands-on experience with the DevOps methodology used to build and deliver cloud infrastructure and software. Students learn how to attack and then harden the entire DevOps workflow, from version control to continuous integration and running cloud workloads. Each step of the way, students explore the security controls, configuration, and tools required to improve the reliability, integrity, and security of on-premise and cloud-hosted systems.
SEC540 goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a “no hints” approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them- aalways with a frustration-free fallback path.
SEC540 also offers students an opportunity to participate in CloudWars Bonus Challenges each day, providing more hands-on experience with the cloud and DevSecOps toolchain.
YOU WILL LEARN:
-
Understand the Core Principles and Patterns behind DevOps
- Recognize how DevOps works and identify keys to success
Understand the DevSecOps Methodology and Workflow
- Threat model and secure your build and deployment environment
- Secure DevOps tools and workflows
- Conduct effective risk assessments and threat modeling in a rapidly changing environment
- Design and write automated security tests and checks in CI/CD
- Understand the strengths and weaknesses of different automated testing approaches in Continuous Delivery
- Inventory and patch your software dependencies
Integrate Security into Production Operations
- Automate configuration management using Infrastructure as Code
- Secure container technologies (such as Docker and Kubernetes)
- Build continuous monitoring feedback loops from production to engineering
- Securely manage secrets for Continuous Integration servers and applications
- Automate compliance and security policy scanning
Move Your DevOps Workloads to the Cloud
- Understand how to automate cloud architecture components
- Use CloudFormation and Terraform to create Infrastructure as Code
- Build CI/CD pipelines using Jenkins, CodePipeline, and Azure DevOps
- Wire security scanning into Jenkins, CodePipeline, and Azure DevOps workflows
- Containerize applications with Elastic Container Service and Azure Kubernetes Service
- Integrate cloud logging and metrics with CloudWatch
- Create Slack alerts from CloudWatch metrics
- Manage secrets with Vault, KMS, and the SSM Parameter store
Consume Cloud Services to Secure Cloud Applications
- Protect static content with CloudFront Signatures
- Leverage Elastic Container Service for blue/green deployments
- Secure REST APIs with API Gateway
- Implement an API Gateway custom authorization Lambda function
- Deploy the AWS Web Application Firewall and build custom WAF rules
- Perform continuous compliance scans with CloudMapper
- Enforce cloud configuration policies with Cloud Custodian
