DevSecOps in practice using Azure

This course is Microsoft Advised (syllabus and practical examples have been consulted with MS Architects).

With ever growing amount of security threats in the current world of tech we see the same growth in the need to react and ideally prevent them. This coupled with the rapid tempo rate of delivery puts high demands on the development teams in agile environments in terms of quality and implementation speed of the security measures used for the applications they deliver. Integration of security measures into the DevOps process brings many challenges, both in proper use of technology as well as organizational processes. These we will be discussing together with practical solutions with the help of selected tools from the Azure DevOps platform.

Audience

• Software developers
• Software architects
• Security engineers
• DevOps engineers

Goals

This course aims to provide the participants with a solid introduction to DevSecOps and acquaint them with the theory and terminology. And on top of that demonstrate on a real Application how DevSecOps enables developers to tightly integrate Application security into DevOps process.

Course guarantor

Pavel Winkler, Filip Herudek

Pavel and Filip work in their own company Rationis Development and are oriented on software development mostly for the financial sector. Thanks to intense requirements for security from their clients, they have started to employ DevSecOps in their, which they helped establish and evolve with some of their clients.

Outline

• DevSecOps theory
  • Motivation and goals
  • DevOps vs. DevSecOps
  • Shift-left principle
  • Methods of application
  • DevSecOps elements
  • Tools (analysis, engineering, operations)
• Azure setup
  • Project setup
  • CI/CD in Azure
  • IaC tools
  • Azure Dev Test Labs
  • Pipelines & deployment
• ARM templates configuration
  • Template structure
  • Configuration in VS
  • Usage with Azure CLI
  • Deployment
• Terraform configuration
  • Connecting a repository
  • Workspace setup
  • Configuration of variables
  • Deployment
• Application security
  • Security in SDLC
  • Static analysis
  • Dynamic analysis
  • Test automation
  • Monitoring & Alerting
  • Logging

Technical requirements

• Basic knowledge of Azure
• Basics of DevOps and SDLC
• Knowledge of terminal in an OS of choice
• BYOD requirements
• Any OS of choice
• Microsoft/Azure account
• Web browser
• Text editor (VS Code recommended)