Course Taxonomy: Programming

Mastering GitHub Copilot

Day 1: Understanding GitHub Copilot

Part 1: Introduction to GitHub Copilot

  • Overview of GitHub Copilot and its role in modern software development
  • Understanding the underlying AI technology and its capabilities
  • Exploring the benefits of using GitHub Copilot in various development scenarios 
  • Exercise: Participants will install and set up GitHub Copilot in their preferred code editor and explore its basic functionalities.

Part 2: Setting Up GitHub Copilot

  • Installation and configuration of GitHub Copilot in different development environments
  • Integration with popular code editors and IDEs
  • Configuring preferences and customizing Copilot for personal coding style 
  • Exercise: Participants will configure and customize GitHub Copilot in their development environment according to their preferences.

Part 3: Leveraging GitHub Copilot for Code Generation

  • Exploring Copilot's code generation capabilities for different programming languages
  • Utilizing Copilot to automate repetitive code snippets and boilerplate code
  • Techniques for leveraging Copilot to speed up coding tasks and reduce manual effort 
  • Exercise: Participants will work on a coding exercise where they utilize GitHub Copilot to generate code for a specific task or functionality.

Part 4: Understanding Copilot's Contextual Assistance

  • Working with Copilot to get intelligent suggestions and context-aware code completions
  • Leveraging Copilot to improve code quality and adhere to best practices
  • Understanding how Copilot can help with debugging and error handling 
  • Exercise: Participants will work on a coding exercise where they leverage Copilot's contextual assistance to enhance code quality and address common coding issues.

Day 2: Advanced Techniques and Integration

Part 5: Advanced Code Generation with Copilot

  • Harnessing Copilot's advanced capabilities to generate complex code structures
  • Exploring techniques for code refactoring and optimization using Copilot
  • Generating code patterns for specific software design patterns and architectural styles 
  • Exercise: Participants will tackle a coding exercise that involves using Copilot to generate advanced code structures or refactor existing code for optimization.

Part 6: Collaboration and Version Control with Copilot

  • Using Copilot in a collaborative coding environment
  • Best practices for integrating Copilot with version control systems like Git
  • Leveraging Copilot for seamless code reviews and pull request workflows 
  • Exercise: Participants will work in pairs and collaborate on a coding exercise using Copilot, practicing code reviews and version control integration.

Part 7: Extending Copilot with Custom Models

  • Overview of custom model creation for GitHub Copilot
  • Building and training custom models to enhance Copilot's suggestions
  • Integrating custom models into Copilot and leveraging them for specific coding tasks 
  • Exercise: Participants will explore the process of creating and training custom models for Copilot, and then utilize them in a coding exercise to see the enhanced suggestions.

Part 8: Real-World Applications and Case Studies

  • Exploring real-world examples of how GitHub Copilot is transforming software development
  • Case studies showcasing the benefits and challenges of using Copilot in different scenarios
  • Best practices and recommendations for incorporating Copilot into existing development workflows 
  • Exercise: Participants will analyze real-world case studies and discuss the potential applications and challenges faced in each scenario. They will also brainstorm and present their ideas on how Copilot can be integrated into their own development workflows.

Certified Scrum Developer® (CSD®)

The coursework and dedication needed to achieve a CSD® sharpen your skills to help you become a better practitioner of Scrum and agile development.

By earning a Certified Scrum Developer® certification, you:

• Learn the foundations of Scrum and the scope of the Certified Scrum Developer’s role from the best minds in development agility

• Demonstrate to employers and peers your understanding of core Scrum knowledge

• Expand your career opportunities by staying relevant and marketable across all industry sectors adopting agile practices

• Engage with a community of recognized Scrum experts who are committed to continuous improvement

DevSecOps Boot Camp

Part 1: DevOps, Security, and DevSecOps: Definitions

1. DevOps

2. Security

3. Risk

4. Culture

5. Agility

6. Testing

7. Continuous Integration

8. Continuous Delivery

Part 2: Where do we start with security?

1. Risk review

2. Policy

3. Roles

4. Compliance, regulatory and GRC

5. The Pipeline Model

6. Exercise A: Value Stream Mapping

Part 3: Security as a DevOps practice

1. Traditional vs. “DevOps” security

2. Tools vs. processes

3. Security, not compliance

4. Prioritizing testing for risk

5. Reducing source code footprint

6. Static analysis for secure code

7. Feature toggles for security

  • Toggle points
  • Toggle router
  • Toggle configuration

8. DevSecOps and technical debt management

Part 4: DevSecOps and “requirements”

1. Designing for security

2. Assessing risk appetite

3. Modeling threats

4. Product architecture

5. Use cases, antipatterns, and abuse cases

6. Dataflows and trust boundaries

7. Exercise B: Threat Modeling

Part 5: Secure development patterns

1. Secure code overview

2. OWASP review

3. Tools for automating OWASP

  • OWASP dependency checkers
  • OWASP ZAP during regular functional tests

4. Developer guidelines & checklists

5. Tools to use

6. Coding Standards (top 5 languages)

7. Common pitfalls

8. Identifying Unsafe Code

Part 6: Security Testing in the Pipeline

1. Testing before commit

2. Scanning for secrets

3. Hook examples

4. Application security testing

  • Static
  • Dynamic

5. Testing dependencies

6. How to treat manual testing

7. Performance Testing

  • Testing for load
  • Testing for stress
  • Soak tests
  • Spike testing

8. Testing in parallel

9. Staging

10. Mutation testing and tools for performing it

11. User role testing

Part 7: Identity and Access Management (IAM)

1. IAM overview

2. Identity profiles

3. Using IAM for automation

4. IAM practices in the cloud

5. IAM as an application building block

6. IAM antipatterns

7. Guided discussion: IAM in a Microservices use case

Part 8: Deployment patterns for security

1. Canary candidates

2. Dark launches

3. Streamlining libraries and dependencies

4. Keeping packages up to date

5. Keeping deploys repeatable and reliable

6. OpenSCAP for scanning baselines before and after deployments

7. Scanning web server configuration

8. Database exploitation through applications

9. Infrastructure scanning

  • OpenVAS
  • NMAP

10. Scanning web applications

  • W3AF
  • Wapiti

Part 9: DevSecOps and Operations

1. Where does Ops security begin and end?

2. Infrastructure as Secure Code

3. Incident response planning and emergency drills

4. Release Archives

5. OS Protections:

  • Address Space Layout Randomization
  • Non-Executable Stacks
  • W^X
  • Data Execution Prevention
  • SELinux

7. Monitoring, logging and intelligent alerts

  • Splunk mini-tour: A transformative tool for analyzing machine data, operational risk, and application health

8. Log management

9. Penetration Testing

10. Exercise C: Profiling a DevSecOps Hybrid model

Part 10: Policy, Governance, and Audit

1. GRC review

2. Coding for compliance

3. DevOps and the “segregation of duties”

4. Tooling example: Chef InSpec

5. Change management and policy

6. Exercise D: Automated vs. Manual, to comply with Audit requirements

Part 11: Change management and DevSecOps

1. Three types of “change”

2. When and why to use CAB boards

3. Peer review vs. change management

4. Automating change management

ITIL in 2020

Part 12: Measurement and metrics

1. The core toolkit of metrics

2. The best way to institute alerts

3. Managing alerts

4. Proactive vs. reactive metrics

5. Measurement antipatterns

Part 13: More advice on the cultural factors

1. Security fails and breakdowns

2. Incentive, fear, and reward

3. Getting outside IT

4. How to shift left

5. Building security in

6. Cost and the business case for proactive security

7. Overcoming conventions of the past

8. Bridging silos – why and how

9. Exercise E: Rearranging incentives

Part 14: Putting it all together

1. Class recap and final questions

2. What will you do differently when you return to work?

Fundamentals of Secure Application Development

Part 1: Secure Software Development

  1. Assets, Threats & Vulnerabilities
  2. Security Risk Analysis (Bus & Tech)
  3. Secure Dev Processes (MS, BSI…)
  4. Defense in Depth
  5. Approach for this course

Introductory Case Study

Part 2: The Context for Secure Development

  1. Assets to be protected
  2. Threats Expected
  3. Security Imperatives (int&external)
  4. Organization's Risk Appetite
  5. Security Terminology
  6. Organizational Security Policy
  7. Security Roles and Responsibilities
  8. Security Training for Roles
  9. Generic Security Goals & Requirements

Exercise: Our Own Security Context

Part 3: Security Requirements

  1. Project-Specific Security Terms
  2. Project-Related Assets & Security Goals
  3. Product Architecture Analysis
  4. Use Cases & MisUse/Abuse Cases
  5. Dataflows with Trust Boundaries
  6. Product Security Risk Analysis
  7. Elicit, Categorize, Prioritize SecRqts
  8. Validate Security Requirements

Exercise: Managing Security Requirements

Part 4: Designing Secure Software

  1. High-Level Design
    1. Architectural Risk Analysis
    2. Design Requirements
    3. Analyze Attack Surface
    4. Threat Modeling
    5. Trust Boundaries
    6. Eliminate Race Objects
  2. Detail-Level Design
    1. Secure Design Principles
    2. Use of Security Wrappers
    3. Input Validation
    4. Design Pitfalls
    5. Validating Design Security
    6. Pairing Mem Mgmt Functions
    7. Exclude User Input from format strings
    8. Canonicalization
    9. TOCTOU
    10. Close Race Windows
    11. Taint Analysis

Exercise: A Secure Software Design, Instructor Q and A

Part 5: Writing Secure Code

  1. Coding
    1. Developer guidelines & checklists
    2. Compiler Security Settings (per)
    3. Tools to use
    4. Coding Standards (per language)
    5. Common pitfalls (per language)
    6. Secure/Safe functions/methods
      1. Stack Canaries
      2. Encrypted Pointers
      3. Memory Initialization
      4. Function Return Checking (e.g. malloc)
      5. Dereferencing Pointers
    7. Integer type selection
      1. Range Checking
      2. Pre/post checking
    8. Synchronization Primitives
  2. Early Verification
    1. Static Analysis (Code Review w/tools)
    2. Unit & Dev Team Testing
    3. Risk-Based Security Testing
    4. Taint Analysis

Exercise: Secure Coding Q and A

Part 6: Testing for Software Security

  1. Assets to be protected
  2. Threats Expected
  3. Security Imperatives (int&external)
  4. Organization's Risk Appetite
  5. Static Analysis
  6. Dynamic Analysis
  7. Risk-Based Security testing
  8. Fuzz Testing (Whitebox vs Blackbox)
  9. Penetration Testing (Whitebox vs Blackbox)
  10. Attack Surface Review
  11. Code audits
  12. Independent Security Review

Exercise: Testing Software for Security

Part 7: Releasing & Operating Secure Software

  1. Incident Response Planning
  2. Final Security Review
  3. Release Archive
  4. OS Protections:
    1. Address Space Layout Randomization
    2. Non-Executable Stacks
    3. W^X
    4. Data Execution Prevention
  5. Monitoring
  6. Incident Response
  7. Penetration Testing

Exercise: A Secure Software Release

Part 8: Making Software Development More Secure

  1. Process Review
  2. Getting Started
  3. Priorities

Exercise: Your Secure Software Plan

DevOps Implementation Boot Camp (ICP-FDO)

Part 1: Introduction

1.      DevOps Defined

  • DevOps (Then and Now)
  • CI/CD
  • Infrastructure as Code
  • BizDevOps
  • DevSecOps
  • AIOps
  • DataOps

2.     High-Performance IT Organizations

  • Elite Performers
  • Use of the Cloud
  • Work-Life Balance
  • Optimized Change Review

3.     Origins and History of DevOps

  • The Quality Movement and W. Edwards Deming
  • The Lean Movement and the Toyota Production System
  • The Agile Movement – Mindset, Value, Principles & Practices
  • The Continuous Delivery Movement

4.     Argument for DevOps

  • Business Value of DevOps
  • Net Effect of DevOps
  • Exercise: Argue for the value of DevOps in your organization

Part 2: Maturing a DevOps Practice in the Enterprise

1.      CALMS – The 5 DevOps Principles

2.     The 5 Cultural Challenges

3.     5 Cultural Dimensions

4.     Value Stream Mapping

  • Value Stream Definition and Examples
  • Exercise: Choose and Map a Case Study Value Stream
  • Analyze: Value Stream Lead Time, Quality, Involvement
  • Exercise: Analyze a Value Stream

Part 3: Your DevOps Journey – Optimize Flow

1.      Principles of Flow

  • 6 Principles of Flow from the DevOps Handbook
  • 8 Principles of Continuous Delivery from the Continuous Delivery book
  • Exercise: Apply Principles to your Case Study Value Stream

2.     Infrastructure as Code

3.     Infrastructure & Application Configuration Management

  • Configuration Management Tools
  • Exercise: Configuration Management in your Case Study Value Stream

4.     Deployment Pipeline

  • Deployment Pipeline Stages and Tools
  • Deployment Orchestration Tools
  • Deployment Pipeline: Everything in Version Control
  • Exercise: Deployment Pipeline in your Case Study Value Stream

5.     DevOps Quality Management

  • Quality Foundations
  • Quality Principles
  • Quality Practices
  • Test Automation Architecture
  • Test Automation Pyramid
  • Strategies for Managing Test Data
  • Code Analysis Tools
  • Automated Testing Tools
  • Exercise: DevOps Quality Management in your Case Study Value Stream

6.     CI/CD

  • Continuous Integration
  • Continuous Delivery
  • Exercise: CI/CD in your Case Study Value Stream

7.     Database Continuous Integration (DBCI)

  • Exercise: DBCI in your Case Study Value Stream

8.     Application Management Strategies

9.     Application Architecture – SOA, Microservices, Strangler Pattern

10.  Infrastructure Architecture – Virtualization & The Cloud

11.    Containerization

12.  Exercise: Optimize Flow in Your Case Study Value Stream

Part 4: Your DevOps Journey – Amplify Feedback

1.      Objective & Principles of Feedback

2.     Telemetry Definitions & Concepts

  • Telemetry Principles
  • Exercise: Telemetry Principles in your Case Study Value Stream
  • Integrating Security into Production Telemetry
  • Telemetry Layers & Levels
  • Ensuring Effective Alerts
  • System Monitoring, Log Aggregation, and Alerting Tools
  • DevOps Metrics

3.     Advanced uses of Telemetry

  • Using Telemetry to Anticipate Problems
  • Feedback for Safe Deployment of Code
  • Developers Follow Their Apps Downstream
  • Hypothesis-Driven Development and A/B Testing
  • Exercise: Telemetry in your Case Study Value Stream

4.     Change Review and Coordination

5.     Exercise: Amplify Feedback in Your Case Study Value Stream

Part 5: Your DevOps Journey – Continual Learning & Experimentation

1.      Learning Culture

  • Blameless Postmortems
  • Responses to Failure

2.     Knowledge Sharing

3.     Innovation Culture

  • Institutionalize the Improvement of Daily Work
  • Encouraging Experimentation
  • Holding Learning and Improvement Events (Hackathons, Kaizen Blitzes, Rehearsing Large-Scale Failures, Fault Injection)

4.     Role of Leadership

5.     Exercise: Learning & Innovation Culture in your organization

Part 6: Planning Your DevOps Journey

1.      Cultural challenges

2.     Organizational challenges

3.     Transformation Patterns You Can Follow

  • Lean Startup Teams
  • Collaboration Tools
  • Automate Everything You Can
  • Reserve Time for Improvement

4.     Planning DevOps Transformation

5. Exercise: Your DevOps Action Plan