Time
4 hours 39 minutes
Difficulty
Beginner
CEU/CPE
5

Video Transcription

00:00
look up the lesson 3.8, where we're gonna summarize everything we've learned that this module up, I found creating the slides that that was very interesting there so many concepts here and so many interesting perspectives of what we have to understand.
00:16
So we looked at why, how we need to integrate security into Dev ops. Understand that we really need management buy in for it to be successful, to be ever cut across all the different
00:26
portions of the organization. To say this is new policy.
00:30
This is what we're doing. Everybody needs to get along whenever there's any issues again that executives could cut across those those organization
00:40
we had. We looked at metrics for evaluating the success of security
00:46
as well as securities impact on the existing pipeline. If there is one
00:51
and we don't have them with some of the building blocks for Jenkins pipeline that you can see as we go through the all of the different modules so we can build on that and you'll see how it's built and added on each one of the new stages.
01:03
You talked about security for the non security staff, So security for the developers for the operations and then, obviously flipside we talked about was the security staff having a little bit understanding of what Dev ops means? What the development side, what mean, what, how what it means to run the operations and maintain
01:23
the applications.
01:26
And he looked at threat modelling. So like that the awas Brett Dragon to, say, identify within the application. Here are the risks that that I found by by breaking down all the components the way they communicate their boundaries and identifying some
01:42
specific issues to the application
01:47
or even your system, and then so that we can want to get to selection of the tools we can we can. We know for sure that we've covered all the risks, and we have the tools that contest for those risks.
01:59
Let's wrap up the module with a quick quiz.
02:02
What is not a methodology for threaten widely
02:06
if it's stride
02:07
pasta or bananas?
02:12
Unfortunately, there isn't one called bananas. I looked everywhere. I thought this would be a great one. But all I found was
02:19
stride, which he saw in the Los Threat Dragon, which is spoofing tampering, repudiation, information disclosure, denial of service, elevation of privilege
02:29
and pasta, which is
02:30
funny as well. But it's the process for attack simulation and threaten analysis

Up Next

DevSecOps Fundamentals

DevSecOps certification training helps students learn to incorporate security features in every step of the development process and navigate distinct security challenges in custom software and web applications.

Instructed By

Instructor Profile Image
Philip Kulp
Instructor