Courses

Catalog

• Beginner Security Automation Developer Class

  • 2. What is an InSpec Profile?
  • 3. Study an InSpec Profile - NGINX Example
  • 4. How to Get Started - InSpec Commands & Docs
  • 5. Writing InSpec Controls
  • 6. Inputs in InSpec
  • 7. InSpec Control Enhancements
  • 8. Generating InSpec Results
  • 9. Viewing and Analyzing Results
  • 10. Profile Dependencies (Overlays)
  • 11. From STIG to Profile
  • 12. Put it in Practice!
  • 13. Next Steps

• Development & Testing InSpec Profile

  • Repository Organization
  • Environment Setup
  • Test your Test Environment
  • AWS Testing Suite
  • Docker Testing Suite
  • Updating - Choosing Your Apprach
  • Secruity Benchmarks vs Traditional Software
  • Types of Profile Updates
  • Rules of the Road
  • Creating a `Patch Update`
  • Creating a `Release Update`
  • Creating a `Major Version Update`
  • Test Kitchen
  • Test Kitchen - Create
  • Test Kitchen - Converge
  • Test Kitchen - Validate
  • Test Kitchen - Destroy
  • Test Kitchen - .kitchen/ directory
  • Test Kitchen - `kitchen.yml` File
  • Test Kitchen - `kitchen.ec2.yml` File
  • Test Kitchen - `kitchen.container.yml`
  • GitHub Actions
  • InSpec Delta - Laying the Ground for a Clean Release Branch
  • InSpec Delta - Making the Delta Release Branch
  • Tips, Tricks & Troubleshooting
  • Background & Definitions
  • Terms & Definitions

• InSpec Advanced Profile Development

  • 2. Review the Fundamentals
  • 3. Practice the Fundamentals
  • 4. Exploring InSpec Resources
  • 5. Create a Custom Resource - The Git Example
  • 6. Create a Custom Resource - The Docker Example
  • 7. Exercise - Develop your own resources
  • 8. CI/CD Pipelines
  • 9. GitHub Actions
  • 10. Building Out Our Pipeline
  • 11. Verifying Results With The SAF CLI
  • 12. Next Steps
  • Appendix A - Writing Plural Resources
  • Appendix B - Custom Resource Examples from InSpec
  • Appendix C - Adding Your Resource to InSpec
  • Appendix D - Example Pipeline for Validating an InSpec Profile
  • Appendix B - More Resource Examples

• SAF User Class

  • 2. The Goal of the SAF
  • 3. What's the SAF?
  • 4. Getting Started - Plan
  • 5. Validation with InSpec Profiles
  • 6. How to Run InSpec
  • 7. Tailoring Inputs for InSpec
  • 8. Running InSpec
  • 9. Visualize Results - Heimdall
  • 10. Harden
  • 11. Comparing Results
  • 12. Manual Attestations
  • 13. InSpec Exercise - RedHat
  • 14. Normalize Other Data!
  • 15. Extra Info - Running InSpec with a Local Profile
  • 16. Next Steps

• Security Guidance Developer Class

  • 2. Security Guidance
  • 3. Security Technical Implementation Guides
  • 4. Anatomy of a STIG
  • 5. Using Vulcan
  • 6. Components Of a Vulcan Project
  • 7. Editing Components
  • 8. Check and Fix
  • 9. Automated InSpec Testing
  • 10. Peer Review
  • 11. Exporting Your Content
  • 12. Publishing a STIG
  • 13. Next Steps