Certified DevSecOps Engineer Certification

• Educational Background: Basic knowledge of DevOps processes and cloud platforms is recommended. Familiarity with programming and IT security fundamentals is advantageous. 

• Language Proficiency: A strong command of English is required, as course materials and assessments will be conducted in English. 

• Interest in DevSecOps: This course is suitable for professionals keen on advancing their skills in secure DevOps practices. 

• DevSecOps Fundamentals: Understand DevSecOps concepts, workflows, and automation strategies. 

• CI/CD Security: Implement security tools and checks within CI/CD pipelines. 

• Infrastructure Security: Secure cloud and on-premises environments using Infrastructure as Code (IaC). 

• Threat Modelling: Conduct risk assessments and threat modelling for secure application development. 

• Automated Security Testing: Perform continuous security testing and monitoring. 

The Certified DevSecOps Engineer Certification course is tailored for IT professionals responsible for integrating security into DevOps environments, including:

• DevOps Engineers
• Security Engineers
• IT Managers
• System Administrators
• Software Developers
• Cloud Security Specialists

Module 1: Understanding DevOps Culture

• Evolution of DevOps
• Role of DevOps in Software Development Life Cycle
• Implementing DevOps in Various Environments
• On-Premises
• AWS
• Azure
• DevOps Frameworks and Maturity Models
• Integrating Security in DevOps
  • Security Silos
  • DevOps Culture
     

Module 2: Introduction to DevSecOps

• Security Challenges in DevOps Processes
• Essence and Cultural Aspects of DevSecOps
• Continuous Security Integration in DevSecOps Pipeline
• DevSecOps Tools and Strategies
• Bridging the Gap Between Development, Operations, and Security
   

Module 3: DevSecOps Pipeline-Plan Stage

• Fortifying the CI/CD Pipeline
• Continuous Threat Modeling Practices
• Gathering Security Requirements from Business Functionalities
• Addressing Technical Security Debts
• Pre-Commit Checks and Secure Code Practices
   

Module 4: DevSecOps Pipeline-Code Stage

• Integrating Security in Code-Writing Process
• Security Plugins in Integrated Development Environments (IDEs)
• Configuring Code Scanning for GitHub Repositories
• Implementing and Scanning Source Code Repositories
• Integrating Software Composition Analysis (SCA) Tools
   

Module 5: DevSecOps Pipeline-Build and Test Stage

• Integrating Security Testing Tools and Frameworks
• Static Application Security Testing (SAST) Tools
• Manual Secure Code Review Techniques
• Dynamic Application Security Testing (DAST) Tools
• Interactive Application Security Testing (IAST) Tools
   

Module 6: DevSecOps Pipeline—Release and Deploy Stage

• Strengthening Security During Software Release and Deployment
• Integrating Security Tools
  • RASP
  • Penetration Testing
• Vulnerability Scanning and Bug Bounty Programs
• Infrastructure as Code (IaC) Principles
  • Terraform
  • AWS CloudFormation
• Configuration Orchestration Tools
  • Ansible
  • Chef
  • Puppet
  • Azure Resource Management
     

Module 7: DevSecOps Pipeline—Operate and Monitor Stage

• Maintaining Security During Software Operations and Monitoring
• Scanning for Vulnerabilities in Infrastructure as Code (IaC)
• Securing Containers and Integrating Monitoring Tools
• Compliance as Code (CaC) Practices
• Monitoring Features in AWS and Azure, Web Application Firewall (WAF), Continuous Feedback