Important DevSecOps Tools

DevSecOps | Intermediate

15 videos | 1h 18m 21s
Includes Assessment
Earns a Badge

(2)

DevSecOps stands for development, security, and operations, and is used to inject security earlier in the software development life cycle (SDLC). In this course, you will explore the various categories of DevSecOps, starting with static analysis security testing (SAST) and dynamic analysis security testing (DAST). Next, you will discover common SAST and DAST DevSecOps tools including Bandit, Clean Code, looks good to me (LGTM), OWASP Zed Attack Proxy (ZAP), and Nikto, and examine dependency analysis and related dependency analysis tools. Then, you will investigate infrastructure as code (IaC) security and the leading IaC security tools, including Anchore, Clair, Dagda, OpenSCAP, dockscan, and InSpec. Finally, you will find out how secrets management is used to manage passwords, keys, application programming interfaces (APIs), and tokens, and you will identify the benefits of vulnerability management and assessment practices.

WHAT YOU WILL LEARN

Discover the key concepts covered in this course

Provide an overview of sast, or static analysis

Describe dast, or dynamic analysis

List common sast and dast devsecops tools, including bandit, clean code, looks good to me (lgtm), owasp zed attack proxy (zap), and nikto

Define dependency analysis and describe how it is used to analyze dependencies between activities

Provide an overview of dependency analysis tools, including the open worldwide application security project (owasp), github dependabot, sonatype, and retire.js

Provide an overview of iac security

List common iac security tools, including anchore, clair, dagda, openscap, dockscan, and chef inspec
Describe how secrets management is used to manage passwords, keys, application programming interfaces (apis), and tokens

Provide an overview of secrets management tools such as vault, torus, keywhiz, envkey, confidant, and aws secrets manager

Describe how vulnerability management is used to identify, evaluate, treat, and report on security vulnerabilities

Provide an overview of vulnerability management tools, including jackhammer, defectdojo, and archerysec

Outline how vulnerability assessment is used to identify and assess severity levels to security vulnerabilities

Provide an overview of vulnerability assessment tools such as openvas and docker bench

Summarize the key concepts covered in this course

IN THIS COURSE

1m 11s

In this video, we will discover the key concepts covered in this course. FREE ACCESS
5m 41s

After completing this video, you will be able to provide an overview of SAST, or static analysis. FREE ACCESS
3. Dynamic Application Security Testing (DAST)

5m 56s

Upon completion of this video, you will be able to describe DAST, or dynamic analysis. FREE ACCESS
4. SAST and DAST DevSecOps Tools

6m 33s

After completing this video, you will be able to list common SAST and DAST DevSecOps tools, including Bandit, Clean Code, looks good to me (LGTM), OWASP Zed Attack Proxy (ZAP), and Nikto. FREE ACCESS
5. Dependency Analysis

5m 31s

Upon completion of this video, you will be able to define dependency analysis and describe how it is used to analyze dependencies between activities. FREE ACCESS
6. Dependency Analysis DevSecOps Tools

5m 42s

After completing this video, you will be able to provide an overview of dependency analysis tools, including the Open Worldwide Application Security Project (OWASP), GitHub Dependabot, Sonatype, and Retire.js. FREE ACCESS
7. Infrastructure as Code (IaC) Security

5m 40s

Upon completion of this video, you will be able to provide an overview of IaC security. FREE ACCESS
8. IaC Security DevSecOps Tools

5m 52s

In this video, we will list common IaC security tools, including Anchore, Clair, Dagda, OpenSCAP, dockscan, and Chef InSpec. FREE ACCESS
9. Secrets Management

5m 50s

After completing this video, you will be able to describe how secrets management is used to manage passwords, keys, application programming interfaces (APIs), and tokens. FREE ACCESS
10. Secrets Management DevSecOps Tools

5m 47s

Upon completion of this video, you will be able to provide an overview of secrets management tools such as Vault, Torus, Keywhiz, EnvKey, Confidant, and AWS Secrets Manager. FREE ACCESS
11. Vulnerability Management

5m 54s

After completing this video, you will be able to describe how vulnerability management is used to identify, evaluate, treat, and report on security vulnerabilities. FREE ACCESS
12. Vulnerability Management DevSecOps Tools

5m 55s

Upon completion of this video, you will be able to provide an overview of vulnerability management tools, including Jackhammer, DefectDojo, and ArcherySec. FREE ACCESS
13. Vulnerability Assessment

6m 12s

After completing this video, you will be able to outline how vulnerability assessment is used to identify and assess severity levels to security vulnerabilities. FREE ACCESS
14. Vulnerability Assessment DevSecOps Tools

6m 5s

Upon completion of this video, you will be able to provide an overview of vulnerability assessment tools such as OpenVAS and Docker Bench. FREE ACCESS
15. Course Summary

32s

In this video, we will summarize the key concepts covered in this course. FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Course DevOps for Engineering Leaders: Introduction to DevOps

(21)

Course Security Principles for DevSecOps

(5)

Book DevOps Design Pattern: Implementing DevOps Best Practices for Secure and Reliable CI/CD Pipeline

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Course Governance, Risk Management, and Compliance

(193)

Course System Security Certified Practitioner (SSCP 2018): Security Assessments

(26)

Course DevSecOps in AWS

(2)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills and Salary Report

ESG Impact Report

Important DevSecOps Tools

WHAT YOU WILL LEARN

IN THIS COURSE

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

YOU MIGHT ALSO LIKE

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE