DevSecOps

Shifting left is a buzzword used for conveying that making security an integral part of development is the only practical approach for agile workflows. It’s mission: Find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks from “the right” to “the left” as early in the software development lifecycle (SDLC) as possible.

The awesome assumption is that there is application security testing on “the right”, in staging and production. And a misunderstanding with fatal consequences waits around the corner too. Moving all security testing to development on “the left”, can leave big holes in security on “the right”.

To fully incorporate security into a SDLC, there needs to be a mature SDLC process in the first place. An application security program can only be as advanced as the SDLC pipeline itself.

---

Testlab

• Cloud tools

---

Notes

• Introduction
• The story sofar
• Growing list of challenges
• SSDLC methodologies
• Implementing SSDLC
• Risk assessment
• Privacy Impact Assessment (PIA)
• Threat modelling
• Secure coding
• Security-testing plan and practices
• Security automation
• Shared responsibility
• Securing virtual machines
• Securing managed database services
• Securing containers
• Securing serverless/function as a service
• Securing object storage
• Securing block storage
• Securing file storage
• Securing the container storage interface
• Securing virtual networking
• Securing DNS services
• Securing CDN services
• Securing VPN services
• Securing DDoS protection services
• Securing WAF services
• Identity management
• Monitoring and auditing

---

Labs

• AWS Well-architected Labs: Security
• Microsoft Azure Well-Architected Framework - Security
• Google cloud Security Engineer Learning Path
• CloudAcademy Security Training Library
• Set up labs for trainings

---

Best practices

CI/CD

• Introduction
• Docker
• Code and Git
• Artifacts

AWS

• Introduction
• Elastic Compute Cloud (EC2)
• RDS for MySQL
• Elastic Container Service (ECS)
• Elastic Kubernetes Service (EKS)
• AWS Lambda
• Simple Storage Service (S3)
• Elastic Block Store (EBS)
• Elastic File System (EFS)
• Container Storage Interface (CSI)
• Virtual Private Cloud (VPC)
• Route 53
• CloudFront
• Site-to-Site VPN
• Client VPN
• Shield
• AWS WAF
• AWS IAM
• Directory Service
• Configuring MFA

Azure

• Introduction
• Virtual Machines
• Database for MySQL
• Container Instances (ACI)
• Kubernetes Service (AKS)
• Functions
• Blob storage
• Managed disks
• Files
• Container Storage Interface (CSI)
• Virtual Network (VNet)
• Managed DNS
• Content delivery network (CDN)
• Site-to-Site VPN
• Point-to-Site VPN
• DDoS Protection
• WAF
• Azure AD

GCP

• Introduction
• Compute Engine (GCE) and VM instances
• SQL for MySQL
• Kubernetes Engine (GKE)
• Functions
• Storage
• Persistent Disk
• Filestore
• Container Storage Interface (CSI)
• Virtual Private Cloud (VPC)
• Managed DNS
• Content delivery network (CDN)
• Managed VPN
• Armor
• Google Cloud IAM

---

Books