DevSecOps Advanced

Course description:

DevSecOps Advanced training covers the security of containerized application infrastructures, including recommended best practices for securing the network and the applications.

Target audience:​

• People familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
• DevOps engineers
• Linux system administrators
• Systems design engineers
• Architects

Prerequisites for DevSecOps Advanced:

• Strong grasp of container basics (recommended training: Docker Fundamentals)
• Strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Fundamentals)

Nice to have:

Working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)
Module 1: Introduction to Cloud Security
– The 4C’s of Cloud Native Security
– STRIDE Threat Model
– Node Security
– Container Security

Module 2: Cert Manager
– What Cert Manager is
– Cert-manager overview
– Cert-manager concepts
– Installing cert-manger
– Cert-manager walkthrough
Hands-on Lab: Cert Manager

Module 3: RBAC Revisited. External Auth Sources
– RBAC Revisited
– Role and ClusterRole
– RoleBinding and CluterRoleBinding
– OpenID Connect
– OIDC Implicit flow
– OIDC Authentication flow
– JWT Tokens
– Keycloak – K8s integration
Hands-on Lab: RBAC Revisited

Module 4: K8s-Network Policy
– Why use network policies
– What is MetalLB and how it works
– Configuring Layer2 and Layer3 MetalLB
– Additional MetalLB configuration samples
Hands-on Lab: Network Policies

Module 5: K8s-Securing container images
– Tools for securing your container images
– OCI Annotations
– Managing the security of K8s container workloads
– Vulnerability Scanning Tools (Aqua MicroScanner, Anchore)
– Security Context
– Image Security Best Practices
Hands-on Lab: Image Security

Module 6: Istio – Introduction
– What is a service mash
– What is Istio
– Istio architecture and components
– Setting up Istio
Hands-on Lab: Istio – Introduction

Module 7: Istio – Advanced Routing
– Why route traffic?
– raffic shifting
– equest routing
– External Resources
Hands-on Lab: Istio – Traffic routing

Module 8: Istio – Fault Injection
– Controlling Ingress traffic
– Fault injection
– Circuit breaking
– Traffic mirroring
Hands-on Lab: Istio – Fault injection

Module 9: Istio – mTLS
– Securing pod communication with Istio
– mTLS
– Authorization policies
– Policy target
– Authenticated and unauthenticated identity
Hands-on Lab: Istio – mTLS and Authorization

Module 10: Istio – Observability
– Viewing the mesh with Kiali
– Kiali features
– Generating a service graph
– Tracing Calls with Jaeger
– Observability (Metrics, Distributed Tracers, Access Logs)
Hands-on Lab: Istio – Observability

Module 11: Pod Security Policies
– Enabling Pod Security Policies
– Policy Reference
Hands-on Lab: Pod Security Policies

Module 12: Open Policy Agent
– How OPA works
– OPA and Kubernetes
– Integrating OPA with K8s
Hands-on Lab: OPA Gatekeeper

Module 13: Secret Management. Hashicorp Vault
– Secrets – the theory behind
– Protecting Secrets
– Risks
– Hashicorp Vault
– Running Vault on K8s
– Integrating Vault with K8s
Hands-on Lab: Secret Management

Note:​​

Every student has assigned to him his own virtual lab environment setup.

Additional details:

To attend this course, you need to have:
• PC/Laptop with internet access
• Updated web browser

DevSecOps Advanced

1140
  • DURATION: 3 days
  • SKILL LEVEL: Professional
  • LECTURES: 13 lessons

Register
  • PRICE: 1140 €
  • DURATION: 3 days
  • SKILL LEVEL: Professional
  • LECTURES: 13 lessons

Course description:

DevSecOps Advanced training covers the security of containerized application infrastructures, including recommended best practices for securing the network and the applications.

Target audience:​

• People familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
• DevOps engineers
• Linux system administrators
• Systems design engineers
• Architects

Prerequisites for DevSecOps Advanced:

• Strong grasp of container basics (recommended training: Docker Fundamentals)
• Strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Fundamentals)

Nice to have:

Working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)
Module 1: Introduction to Cloud Security
– The 4C’s of Cloud Native Security
– STRIDE Threat Model
– Node Security
– Container Security

Module 2: Cert Manager
– What Cert Manager is
– Cert-manager overview
– Cert-manager concepts
– Installing cert-manger
– Cert-manager walkthrough
Hands-on Lab: Cert Manager

Module 3: RBAC Revisited. External Auth Sources
– RBAC Revisited
– Role and ClusterRole
– RoleBinding and CluterRoleBinding
– OpenID Connect
– OIDC Implicit flow
– OIDC Authentication flow
– JWT Tokens
– Keycloak – K8s integration
Hands-on Lab: RBAC Revisited

Module 4: K8s-Network Policy
– Why use network policies
– What is MetalLB and how it works
– Configuring Layer2 and Layer3 MetalLB
– Additional MetalLB configuration samples
Hands-on Lab: Network Policies

Module 5: K8s-Securing container images
– Tools for securing your container images
– OCI Annotations
– Managing the security of K8s container workloads
– Vulnerability Scanning Tools (Aqua MicroScanner, Anchore)
– Security Context
– Image Security Best Practices
Hands-on Lab: Image Security

Module 6: Istio – Introduction
– What is a service mash
– What is Istio
– Istio architecture and components
– Setting up Istio
Hands-on Lab: Istio – Introduction

Module 7: Istio – Advanced Routing
– Why route traffic?
– raffic shifting
– equest routing
– External Resources
Hands-on Lab: Istio – Traffic routing

Module 8: Istio – Fault Injection
– Controlling Ingress traffic
– Fault injection
– Circuit breaking
– Traffic mirroring
Hands-on Lab: Istio – Fault injection

Module 9: Istio – mTLS
– Securing pod communication with Istio
– mTLS
– Authorization policies
– Policy target
– Authenticated and unauthenticated identity
Hands-on Lab: Istio – mTLS and Authorization

Module 10: Istio – Observability
– Viewing the mesh with Kiali
– Kiali features
– Generating a service graph
– Tracing Calls with Jaeger
– Observability (Metrics, Distributed Tracers, Access Logs)
Hands-on Lab: Istio – Observability

Module 11: Pod Security Policies
– Enabling Pod Security Policies
– Policy Reference
Hands-on Lab: Pod Security Policies

Module 12: Open Policy Agent
– How OPA works
– OPA and Kubernetes
– Integrating OPA with K8s
Hands-on Lab: OPA Gatekeeper

Module 13: Secret Management. Hashicorp Vault
– Secrets – the theory behind
– Protecting Secrets
– Risks
– Hashicorp Vault
– Running Vault on K8s
– Integrating Vault with K8s
Hands-on Lab: Secret Management

Note:​​

Every student has assigned to him his own virtual lab environment setup.

Additional details:

To attend this course, you need to have:
• PC/Laptop with internet access
• Updated web browser

Register

We're committed to your privacy. DevOps Artisan a Bittnet project uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Personal Data Protection Policy.
Loading...