Skip to content
O'Reilly home
DevOps

Securing Your DevOps Pipelines

Published by Pearson

DevSecOps Best Practices

Feb. 11, 2022

1 - 6 p.m. Coordinated Universal Time

167 Spots Remaining

Sign up for a free trial!

or sign in.

Registration closes Feb. 10, 2022 11 p.m. Coordinated Universal Time

What you’ll learn and how you can apply it

  • How attackers get unauthorized access to applications
  • Security tools you can add to your CI/CD pipeline, regardless of which service you use
  • How to prevent the top security risks for web apps

This live event is for you because…

  • You work on the DevOps infrastructure for your company
  • You want to learn more about cybersecurity
  • You are responsible for web apps meeting security compliances, like HIPAA or PCI

Prerequisites

  • Some familiarity with DevOps principles
  • Some knowledge about web apps and authentication/authorization

Course Set-up

A GitHub repo with a JavaScript project (could be one of your own): https://github.com/flippedcoder/okta-pkce-demo

Recommended Preparation

Recommended Follow-up

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Background on DevOps (30 min)

  • Where DevOps came from
  • How DevOps works
  • DevOps vs Waterfall

Q&A (5 min)

Break (5 min)

Security in DevOps or DevSecOps (50 min)

  • Where security comes in
  • How issues get to production
  • The OWASP 10 top security risks
  • What attackers are using to get unauthorized access to apps
  • How issues get to production
  • Intro to DevSecOps
  • Using DevSecOps to mitigate risks

Q&A (10 min)

Break (10 min)

DevSecOps Tools (50 min)

  • Intro to IAST and tools
  • Intro to SAST and tools
  • Intro to DAST and tools

Q&A (10 min)

Break (10 min)

Setting up a DevSecOps Pipeline (50 min)

  • Setting up the project
  • Setting up CircleCI
  • Writing the CircleCI config
  • Breaking down the pipeline steps
  • Adding security to each step

Q&A (15 min)

Break (10 min)

Final Security Checks (35 min)

  • Pen-testing
  • Kali Linux tools
  • Bug bounties
  • Compliance audits

Q&A (5 min)

Course wrap-up and next steps (5 min)

  • More resources
  • Next classes

Your Instructor

  • Milecia McGregor

    Milecia is a senior software engineer with a master’s in mechanical and aerospace engineering. She has worked in robotics, front-end development, back-end development, DevOps, IoT, machine learning, data science, cybersecurity, and almost every other part of tech. She’s also helped manage teams of developers and has done work as a developer advocate for a number of startups. In her free time, she likes to play with her dog and learn random skills like unicycle riding.

Start your free 10-day trial

Get started

Want to learn more at events like these?

Get full access to O'Reilly online learning for 10 days—free.

  • checkmark50k+ videos, live online training, learning paths, books, and more.
  • checkmarkBuild playlists of content to share with friends and colleagues.
  • checkmarkLearn anywhere with our iOS and Android apps.
Start Free TrialNo credit card required.