This course helps to implement DevSecOps in Google Cloud and integrate SAST, SCA & DAST security tools in CI/CD Pipeline
What you'll learn
Learn DevSecOps implementation with GCP
Learn SAST Integration with GCP
Learn SCA Integration with GCP
Learn DAST integration with GCP
Learn False Positive Analysis (FPA) of Security Issues
Learn GCP Cloud Build and trigger creation in it
Learn about moving tokens from YAML file to pipeline variables
Learn to integrate Sonar and Snyk in GCP Cloud Build
Learn End to End DevSecOps pipeline implementation in GCP for a Java Project
Learn to report security issues in JIRA
Requirements
Basic computer knowledge
Good to have interest in Security domain
Description
Course Updates:v 2.0 - October 2022Updated course lectures with tool changesv 1.0 - June 2022Updated course with newer videos on End to End GCP DevSecOps Pipeline for a Java Project in Section 7Added Quizzes to the course--------------------------------------------------------------------------------------------------------------------------------Who shall take this course?This "DevSecOps in Google Cloud Platform" course is designed for Security Engineers, DevOps Engineers, SRE, QA Professionals and Freshers looking to find a job in the field of security. This is a focused GCP DevSecOps course with a special focus on integrating SAST/SCA/DAST tools in Build pipeline. Learn and implement security in DevOps pipeline, get Hands On experience in using Security tools & technologies. This course is for:DevelopersDevOpsSecurity EngineersAspiring professional in the Security domainQuality Assurance EngineersInfoSec/AppSec Professional DevSecOps being the hot skill, will help you to secure a high-salaried job and stay informed on the latest market trends. Why purchase this course?This is only practical hands-on course available on the internet till now.DevSecOps enables rapid application development with agility, at the same time it secures your application with automated security checks integrated within the pipeline. It helps to increase productivity and security by integrating security stages in the pipeline.Also, we have included practical examples to implement security in the DevOps pipeline through various tools.By the end of the course, you will be able to successfully implement DevOps or DevSecOps pipeline and lead initiatives to create, build and maintain security pipelines in your project.No Action required before taking this course. For any question or concerns, Please post your comments on discussions tabDisclaimer: English subtitles are auto-generated so please ignore any grammar mistakes
Overview
Section 1: Introduction
Lecture 1 Introduction & Course Agenda
Lecture 2 About the Course
Section 2: Deep Dive into DevSecOps
Lecture 3 Basic Security Terms - If new to security field
Lecture 4 What is DevSecOps?
Lecture 5 Tools used for DevSecOps Implementation in the market - Detailed discussion
Lecture 6 Tools used for DevSecOps in GCP
Section 3: Hands On - Implementing DevSecOps Pipeline in GCP
Lecture 7 Create GCP Free Tier Account
Lecture 8 Install Git on Windows Machine
Lecture 9 Create Repo in GCP Cloud Source Repository and Clone it on local system with Git
Lecture 10 Push vulnerable code to GCP Cloud Source Repo
Lecture 11 Enable Cloud Build for GCP Project
Lecture 12 Write CloudBuild YML file and push it to GCP Cloud Source Code Repo
Lecture 13 Create Trigger in GCP CloudBuild
Lecture 14 Trigger Build Automatically in GCP using CloudBuild
Section 4: Implement SAST in GCP DevSecOps Pipeline using SonarCloud
Lecture 15 What is SonarCloud and its benefits?
Lecture 16 Create Account on SonarCloud
Lecture 17 Create Organization and Project in SonarCloud for GCP DevSecOps Pipeline
Lecture 18 Prerequisites for integrating SonarCloud within GCP DevSecOps pipeline
Lecture 19 Write CloudBuild YAML file code for SonarCloud Integration in GCP DevSecOps
Lecture 20 Push SonarCloud YAML code to GCP and execute SAST in GCP DevSecOps pipeline
Lecture 21 Review SAST scan results on SonarCloud dashboard and perform FPA
Lecture 22 Move Sonar Token from CloudBuil YML file to GCP CloudBuild Substitution Variable
Lecture 23 Create Custom Quality Gates within SonarCloud
Lecture 24 Prerequisites to populate Code Coverage on SonarCloud
Lecture 25 Push Code Coverage changes in Source Code to GCP & Review changes on SonarCloud
Section 5: Implement SCA in GCP DevSecOps Pipeline using Snyk
Lecture 26 What is Snyk and its benefits?
Lecture 27 Create Snyk Account
Lecture 28 Create Snyk security token and store as a GCP Cloud Build Substitution variable
Lecture 29 Write SCA Integration code in GCP CloudBuild YML & pom.xml
Lecture 30 Push Snyk Code changes to GCP and review Snyk results and perform FPA
Section 6: Implement DAST in GCP DevSecOps Pipeline using OWASP ZAP
Lecture 31 What is OWASP ZAP and its benefits?
Lecture 32 Create Google Storage bucket for storing DAST html reports
Lecture 33 Write DAST integration code in GCP Cloudbuild YML file
Lecture 34 Push DAST Code changes to GCP and review OWASP ZAP results and perform FPA
Section 7: End To End Java Project Case Study for implementing GCP DevSecOps Pipeline
Lecture 35 Case Study: Understanding Project Requirements before workflow implementation
Lecture 36 Write CloudBuild YML code for SAST, SCA & DAST for End to End DevSecOps Pipeline
Lecture 37 Write POM.XML changes for SAST, SCA & DAST for End to End DevSecOps Pipeline
Lecture 38 Push cloudbuil.yml & pom.xml changes to GCP for End To End DevSecOps Pipeline
Section 8: Report Security issues found during SAST, SCA & DAST scans in JIRA
Lecture 39 Hands On: Create a JIRA account with Atlassian with custom JIRA site
Lecture 40 Hands On: Report SAST security issues in JIRA identified by SonarCloud
Lecture 41 Hands On: Report SCA security issues in JIRA identified by Snyk
Lecture 42 Hands On: Report DAST security issues in JIRA identified by OWASP ZAP
Section 9: Next Steps and Bonus section
Lecture 43 Optional: Application Security As a Career
Lecture 44 Sample DevSecOps Engineer CV
Lecture 45 Bonus Lecture
DevSecOps Engineers,DevOps Engineers,Cloud Security Engineers


Homepage

https://www.udemy.com/course/devsecops-in-gcp-integrate-sast-sca-dast-in-google-cloud-asecurityguru/