DevSecOps Essentials

Inter-company training

Who is the training for?

All audiences

Duration

2,00 day(s)

Language(s) of service

EN FR

Prerequisites

Familiarity with the application development ecosystem. Basic knowledge of Linux and system administration.

Goals

In this two-day course you will explore the origins of the movement, the building blocks of Agile and Lean, and the cultural changes you and your organization will need to adopt to become a successful DevOps team.
Through a blend of theory, hands-on exercises, workshops and the use of tools such as Jenkins, you will learn how to plan, organize and work in an atmosphere of collective responsibility.

Contents

Module 1: Application Development Concepts

  • History of Application Development
  • Evolution of Application Development Methodologies
  • Introduction to Application Architectures
  • Introduction to the Application Development Lifecycle
  • Application Testing and Quality Assurance
  • Application Monitoring, Maintenance, and Support

Module 2: Application Security Fundamentals

  • What is Secure Application Development
  • Need for Application Security
  • Common Application Security Risks and Threats
  • OWASP Top 10
  • Application Security Techniques
  • Secure Design Principles
  • Threat Modeling
  • Secure Coding
  • Secure Code Review
  • SAST and DAST Testing
  • Secure Configurations
  • Educating Developers
  • Role of Risk Management in Secure Development
  • Project Management Role in Secure Application Development

Module 3: Introduction to DevOps

  • Introduction to DevOps
  • DevOps Principles
  • DevOps Pipelines
  • DevOps and Project Management

Module 4: Introduction to DevSecOps

  • Understanding DevSecOps
  • DevOps vs. DevSecOps
  • DevSecOps Principles
  • DevSecOps Culture
  • Shift-Left Security
  • DevSecOps Pipelines
  • Pillars of DevSecOps
  • DevSecOps Benefits and Challenges

Module 5: Introduction to DevSecOps Management Tools

  • Project Management Tools
  • Integrated Development Environment (IDE) Tools
  • Source-code Management Tools
  • Build Tools
  • Continuous Testing Tools

Module 6: Introduction to DevSecOps Code and CI/CD Tools

  • Continuous Integration Tools
  • Infrastructure as Code Tools
  • Configuration Management Tools
  • Continuous Monitoring Tools

Module 7: Introduction to DevSecOps Pipelines

  • Role of DevSecOps in the CI/CD Pipeline
  • DevSecOps Tools
  • Embracing the DevSecOps Lifecycle
  • DevSecOps Ecosystem
  • Key Elements of the DevSecOps Pipeline
  • Integrating Security into the DevOps Pipeline

Module 8: Introduction to DevSecOps CI/CD Testing and Assessments

  • Implementing Security into the CI/CD Pipeline and Security Controls
  • Continuous Security in DevSecOps with Security as Code
  • Continuous Application Testing for CI/CD Pipeline Security
  • Application Assessments and Penetration Testing

Module 9: Implementing DevSecOps Testing & Threat Modeling

  • Integrating Security Threat Modeling in Plan Stage
  • Integrating Secure Coding in Code Stage
  • Integrating SAST, DAST, and IAST in Build and Test Stage
  • Integrating RASP and VAPT in Release and Deploy Stage

Module 10: Implementing DevSecOps Monitoring Feedback

  • Implementing Infrastructure as Code (IaC)
  • Integrating Configuration Orchestration
  • Integrating Security in Operate and Monitor Stage
  • Integrating Compliance as Code (CaC)
  • Integrating Logging, Monitoring, and Alerting
  • Integrating Continuous Feedback Loop

Mode of organisation

Classroom Courses
