Login

OTP sent to

DevSecOps

Home > Courses > DevSecOps

DevSecOps

DevSecOps

Duration
45 Hours

Course Description

        DevSecOps, which stands for Development, Security, and Operations, is a software development approach that integrates security practices into every phase of the software development lifecycle (SDLC). It emphasizes collaboration, automation, and shared responsibility for security, aiming to build and release secure software at speed and scale. DevSecOps is an extension of DevOps, shifting security left by embedding security checks early and often in the development process. 

Course Outline For DevSecOps

Topics:

  • Whatis SDLC
  • WhatisDevOps
  • DevOpsfor InfraàDevOpsIaC
  • DevOps+Security àDevSecOps
  • UnderstandingCI/CDWorkflowforDevelopers&Testers
  • IntegratingSecurityinCI/CDWorkflowàEnablingDevSecOps
  • WorkingwithSASTàStaticAnalysisSecurityTesting
  • CodeQualitywithSecurityHotspots
  • ThirdPartyVulnerabilityScanningàDependencyCheck
  • WritingSecureCodefor IaC
  • WhyDevSecOps?
  • Security Checklist
  • ImportantTerminologiesofDevSecOps
  • NVD
  • CVE
  • CPEDefinitionsinSecurity
  • Securityat allstagesinSDLC
  • UnderstandingProtectedBranches–RunningChecksbeforemerge
  • WorkingGitLeaks& otherlintingtools
  • InfrastructureorVMsecurity:Qualys,NativeVMsecurityoptionsprovidedbyCloud Providers
  • CloudSecurity:IAM,SG,NSG,WAF, L4, L7
  • Demo:Ataveryhighlevelfor IAM,NetworkandFirewallrules
  • Containers:Trivy,Snyk,TwistLock,DockerNativeImageScanner
  • Demo:Image/Containersecuritylivedemo
  • ContainerOrchestrationSecurity:kube-bench
  • Demo:kube-benchsecurityassessmentdemo
  • DeployingApplicationinKubernetes inSecureManner
  • UnderstandingSecurityContext
  • UnderstandingNetworkPolicies
  • RBAC
  • Password/SecretSecurity:Vault
  • UnderstandingVault
  • WorkingwithVaultonlocal
  • IntegratingVaultwithPipelines
  • WorkingwithChefInspec
  • UnderstandingWAF
  • DataEncryption:KMS(Customermanagedandcloudmanaged)
  • DDoSPrevention
  • StaticSecuritytools: OWASP-DC
  • SASTforAppCode:Synk,Sonar
  • PentestsorDynamicSecuritytools:OWASP-ZAP
  • Demo:DASTlivedemo
  • ArtifactRepositoryScanning
Enquire Now