Master Apparmor, Clair, Quay, Anchore, Swarm, Portainer, Rancher, KubeBench, Prometheus and more for DevOps security
DevSecOps stands for development, security, and operations. It’s an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. DevOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps.
This course is a complete step by step guide for implementing best security practices and tools on your DevOps framework. You will start from the very basics by exploring the DevOps architecture and how it is related to DevSecOps. The you will learn the two main container management platforms: Docker and Kubernetes. You will master container management, working with Docker files, getting and building your own container images and optimizing them.
In the rest of the sections you will master the implementation of the extra security layer on your DevOps tools. Firstly, you will learn how to use the Docker Registry and build a registry on your own. I will show you how to use Docker Content Thrust and protect your docker daemon and host by applying Apparmor and Seccomp security profiles, implementing Docker Bench Security and and auditing the your Docker host. You will also learn how to protect and analyze vulnerabilities your docker images to prevent corruption using Clair, Quay, Anchore and the CVE database. You will explore how to create and manage Docker secrets, networks and port mapping. You will be able to use security monitoring tools such as cAdvisor, Dive, Falco and administration tools such as Portainer, Rancher and Openshift.
Finally you will focus on Kubernetes Security practices. You will learn how to find, solve and prevent Kubernetes security risks and apply best security practices. I will show you how to use KubeBench and Kubernetes Dashboard to enhance your Kubernetes Security and Prometheus and Grafana to monitor and observe our Kubernetes clusters for vulnerabilities.
Here is the complete course content by sections:
Section 1: You will review DevSecOps challenges, methodologies, and tools to improve the security of applications. The idea of DevSecOps implement security early in the DevOps in the application design, development, and delivery processes.
Section 2: You will review main containers platforms that provide infrastructure for both the development and operations teams, like Docker and Kubernetes. We will also review alternative tools like Podman.
Section 3: Master Docker manages images and containers, explores the main commands used for generating our images from Dockerfile, and learn how to optimize our Docker images, minimizing their size to reducing the attack surface.
Section 4: Learn security best practices and other aspects like Docker capabilities, which containers leverage in order to provide more features, such as the privileged container. Learn to create private registry to prevent your images to be accessible to the world. You will review Docker Content Trust and Docker Registry, which provide a secure way to upload our images in Docker Hub platform and other registries like Quay and Harbor.
Section 5: Docker daemon and AppArmor and Seccomp profiles, which provide kernel-enhancement features to limit system calls. Also, we will review tools like Docker bench security and Lynis, which follow security best practices in the Docker environment, and some of the important recommendations that can be followed during auditing and Docker deployment in a production environment.
Section 6: Here you will learn best practices for building container images securely. We will review some open source tools, such as Clair and Anchore, to discover vulnerabilities in container images by learning static analysis tools that analyze the different layers that compose an image. As a result, developers will be able to detect vulnerabilities in container applications before uploading them to production.
Section 7: You will learn about the main Docker container threats, the main vulnerabilities we can find in Docker images, and some services and tools for getting information about these vulnerabilities. As a result, developers will have the capacity to obtain details about vulnerabilities in container applications.
Section 8: Learn Docker secrets and the essential components of Docker networking, including how we can communicate with and link Docker containers. We will also review other concepts like port mapping, which Docker uses for exposing the TCP ports that provide services from the container to the host so that users accessing the host can access a container’s services.
Section 9: It is important to define a comprehensive strategy to monitor your Docker infrastructure with a native collection source for events, statistics, configurations, and records and provide views on the performance of the CPU, memory, and network containers.
Section 10: Learn some of the open source tools available for Docker container administration, such as Portainer, Rancher, and Openshift.
Section 11: Kubernetes architecture, components, objects, and networking model. We will also review different tools for working with Kubernetes, explaining minikube as the main tool for deploying a cluster.
Section 12: Kubernetes security and best practices for securing components and pods by applying the principle of least privilege in Kubernetes.
Section 13: Kubernetes security and Kubernetes bench for security project to execute controls documented in CIS Kubernetes Benchmark guide. We will also review main security projects for analyzing security in Kubernetes components and more critical vulnerabilities discovered in Kubernetes in the last few years.
Section 14: Review production capabilities when running Kubernetes. We will first analyze observability and monitoring in the context of Kubernetes, and then we will review Kubernetes dashboard for getting metrics in your cluster. You will look at the Kubernetes stack for observability and monitoring with Prometheus and Grafana.
Who this course is for:
- DevOps engineers
- Software engineers
- Managers who wish to apply security on their DevOps projects
- Software engineering students
- Computer science students
- Cybersecurity professionals
- Software developers