Secure Coding - Principles of Deploying Code Securely

Focused View

Chris B Behrens

3:38:16

240 View

1. Introduction

1.1 Azure DevOps.html

1.2 Notepad++.html

1. Introduction and Toolset.mp4

04:00

2. What We're Trying to Accomplish.mp4

06:05

2. Security Principles as They Apply to DevOps

1. Introduction.mp4

03:00

2.1 A quick rundown of authentication and authorization.html

2.2 More from Alice and Bob.html

2. Authentication and Authorization.mp4

10:20

3.1 A Deeper Dive into PKI.html

3.2 Making Your Hashes More Effective with Salt (Seriously).html

3. A Quick Crypto and PKI Primer.mp4

15:50

4.1 What Do Certificates Do.html

4. Using Certs.mp4

04:17

5.1 A More Efficient (But Less Obvious) Way to Work with GPG.html

5. Demo Applied PKI with GPG.mp4

12:34

6. Summary.mp4

00:48

7. Crypto Concepts.html

3. Securing Your Workflow

1. Introduction.mp4

04:00

2.1 The Definition of Least Privilege.html

2. Least Privilege.mp4

06:58

3.1 Exploits of a Mom.html

3.2 SQL INJECTION FOOLS SPEED TRAPS AND CLEARS YOUR RECORD.html

3. What Least Privilege Looks Like.mp4

06:49

4.1 More on Securing Against Angry Employees.html

4. Secure against Angry Employees.mp4

06:45

5.1 A Classic CERT Article on Defense in Depth.html

5. Defense in Depth.mp4

05:42

6.1 Companies which Provide Background Check Services.html

6. Background Checks.mp4

05:29

7.1 A Physical Security Checklist.html

7. Why Physical Security Matters.mp4

08:01

8.1 Understanding Encryption States.html

8. Computer Security Policies.mp4

09:29

9. Summary.mp4

00:22

10. Considering Physical Security.html

4. Building Securely

1. Introduction.mp4

04:12

2.1 Build Agents in Azure (Self-hosted).html

2. Demo A Build, in Light of Security.mp4

06:00

3.1 Extending Builds in Jenkins.html

3.2 The Extends Keyword in Azure Builds.html

3. Engineering Secure Builds.mp4

07:44

4.1 SonarCloud.html

4. Demo A Build with Sonar Tools.mp4

07:36

5.1 The Mask Passwords Plug-in for Jenkins.html

5. Passwords and Secure Files in Builds.mp4

05:28

6. Authentication to Third-party Tools.mp4

02:19

7. Demo Establishing a Service Connection in Azure DevOps.mp4

04:34

8.1 More on SSO and SAML.html

8. SSO and Federation.mp4

06:13

9.1 3 ways to mitigate risk when using private package feeds.html

9.2 Dependency Confusion How I Hacked Into Apple, Microsoft and Dozens of Other Companies.html

9. Dependency Security.mp4

04:03

10. Summary.mp4

00:30

11. Introduction.mp4

01:20

12.1 Martin Fowler's Original Article on Immutable Server.html

12.2 Some Thoughts from a DevOps Professional on Immutable Server and Security.html

12. Immutable Server.mp4

06:42

13.1 Running Microservices on AWS.html

13. The Role of Containerization.mp4

08:26

14.1 Docker Desktop.html

14. Demo Containers, in Light of Security.mp4

04:36

15.1 CrowdStrike, on Achieving Security in Containers and Containerized Solutions.html

15.2 Desired State Configuration.html

15. Container Security.mp4

04:45

16.1 Convention over Configuration.html

16. Security and Application Configuration.mp4

03:38

17.1 Deploying to Container with Octopus.html

17. Deploying Securely.mp4

04:09

18. Summary.mp4

00:23

19. Introduction.mp4

01:48

20.1 A Case Study of Mere Security through Obscurity.html

20. Insecurity through Obscurity.mp4

06:55

21.1 A Real-world Example of Using Regular Expressions to Parse a Log.html

21. Demo Grepping a Log.mp4

04:48

22.1 A Curation of Some Cool Kibana Dashboards.html

22.2 Kibana Alerting.html

22.3 The GitHub Repo of ELK Examples.html

22. Logging and Dashboard Stacks.mp4

03:09

23. A Logging Strategy that Supports Interrogation.mp4

04:40

24. Summary.mp4

00:17

25. Making a Given Log Format Observable.html

5. Conclusion

1. Conclusion and Summary.mp4

03:32

2. Final Exam.html

Description

Understanding What Security Means in DevOps

What You'll Learn?

Understand basic security principles
Build your software securely
Create secure infrastructure and deploy securely to it
Understand how to make your log and security data observable

Who is this for?

This is for DevOps professionals or people looking to become DevOps professionals who are seeking to understand how to do their work in a secure way.

What You Need to Know?

You should have a basic understanding of DevOps, and some grasp of what security means

More details

Description
In this course, we'll look at performing DevOps securely, with an emphasis on deployment. We'll look at basic security principles, talk about how they apply to DevOps in particular, and explore a number of horror stories from my career and elsewhere along the way. By the end of the course, you'll know what questions to ask and how to reach effective answers when considering the security of your processes.
Weâ€™ll begin with authentication and authorization, and talk about least privilege, the foundation of all security, information and otherwise. Weâ€™ll look at how to establish a low-level secure communication pathway, and talk about what all this means for DevOps. Weâ€™ll talk about having a secure work environment, both from a digital information perspective and from the often-overlooked physical security perspective.
Weâ€™ll talk about how to build securely, and what we mean by secure builds, and move on how to deploy securely, and how to secure the infrastructure we deploy to. Weâ€™ll close with a discussion on how to make security visible in your organization, and how to make data which otherwise exists only in obscure logfiles highly visible and interrogatable for your organization.
Join me as we learn how to secure our DevOps processes and deploy code securely with this course from Udemy.
Who this course is for:
This is for DevOps professionals or people looking to become DevOps professionals who are seeking to understand how to do their work in a secure way.

User Reviews

Rating

average 0

Total votes0

Focused display

Chris B. Behrens is a writer, speaker and software developer, specializing in DevOps. He has been a developer and architect for more than twenty years focusing on small to medium size companies and the development changes they face. He focuses on his flavor of Fear Based Development, whereby a developer ranks their tasks in descending order of anxiety, and how to tackle them in that order. Chief among these anxiety-inducing processes is software deployment, a topic that Behrens focuses upon. He lives in Kennedale, TX with his wife and children.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.