AWS DevSecOps Pipeline

This Project was built for training the audience in how to impliment shifting left when incorporating cybersecurity in organizations

Energy Dashboard — View of the Energy Dashboard.

This was build using the sample serverless architecture below:

sample serverless big data workflow — Sample serverless big data workflow.

AWS DevSecOps

1. Getting Started

Workshop Studio
Using your own AWS Account

Setting up the Development Environment

2. Release Automation

Download the Project Files
Configure AWS CDK
Deploy The Pipeline & Tools
Explore the environment

3. OWASP Top 10

4. Static Application Security Testing (SAST)

Seed the Source Code Repository
Code Overview
Mark True Positives
Protecting your Cookies

APPENDIX

Exploring the sast_buildspec.yaml
Exploring docker_buildspec.yaml

5. Software Composition Analysis (SCA)

Check The Dependencies
Fix Insecure Dependencies

APPENDIX: Exploring the sca_buildspec.yaml

6. License Analysis

Check The Dependencies
Remove Unauthorized Dependencies
Push and Validate Security Fixes

APPENDIX: Exploring the license_check_buildspec.yaml

7. [OPTIONAL] Dynamic Application Security Testing (DAST)

Enable DAST
Perform DAST
Prevent Click Jacking

APPENDIX: Exploring the dast_buildspec.yaml

8. [OPTIONAL] Secure Code Reviews

Fix SSTI Vulnerability
Generate Secure Tokens
Enable CSRF Protection
Escape HTML
Fix Access Controls
Push and Validate Fixes

9. Clean up