DevSecOps Course Content
Our team of experts designed this DevSecOps training to equip you with the proficiency to secure the container technologies, utilize cloud security services and carry out continuous compliance and security policy scanning. Go through the following DevSecOps course modules:
1.1: DevOps and Security Challenges
- Principles and Patterns behind the DevOps
- Identifying how DevOps works and keys to success
1.2: DevOps Toolchain
- GitFlow
- GitHub Actions
- Building CI/CD pipelines through CodePipeline, Azure DevOps, and Jenkins
- GitLab CI/CD
- Jenkins
- Securing the DevOps workflows
- Threat model and secure your deploy and build environment
1.3: Secure DevOps tools and Workflows
- Conducting efficient risk evaluations and threat modeling in the rapidly changing environment.
- Designing and Writing the automated security checks and tests in the CI/CD.
- Strengths and Weaknesses of automated testing approach in Continuous Delivery.
- Inventory and patch our software dependencies
- Wire the security scanning into the CodePipeline, Jenkins, and Azure DevOps workflows
1.4: Pre-commit Security Controls
- Git Hook Security
- Rapid Risk Assessment
- Branch Protections
- Code Editor Extensions
- Peer Reviews
- Code Owners
1.5: Commit Security Controls
- Component Analysis
- Static Analysis Security Testing
1.6: Secrets Management
- Handling Secrets in the CI/CD
- AWS SSM Parameter store
- Azure Key Vault
- HashiCorp Vault
- AWS Secrets Manager
2.1: Cloud Infrastructure as Code
- Cloud Infrastructure as Code
- AWS Cloud Information
- Deploying the Terraform
- Cloud Infrastructure as the cloud security analysis
2.2: Configuration Management as Code
- Automating the Configuration Management in the CI/CD
- Building the Gold Images with the Packer and Vagrant
- Using Ansible to configure the Virtual Machines
- Buiding the Gold Images
- Certifying the Gold Images with the InSpec
2.3: Container Security
- BuildKit and Dockerfile Security
- Base Image Hardening with the Conftest and Hadolint
- Container Registry Security
- Container Image Security
- Scanning the Container Images with the Docker Scan and Trivy
- Container Scanning with the Azure ACR and AWS ECR
2.4: Acceptance Stage Security
- Vulnerability Management in the DevSecOps
- Dynamic Application Security Testing
3.1: Cloud Deployment and Orchestration
- AWS CodePipeline
- Azure Pipelines
- Cloud Container Orchestration
- Azure Kubernetes Service
- Elastic Container Services
3.2: Security in the Cloud CI/CD
- AWS CodeBuild Security Integrations
- Software Composition Analysis
- Azure DevOps Security Extensions
3.3: Cloud Workload Security
- Cloud Storage Access Control
- Privilege Esçalation & Workload Identity
- TLS Hardening and Misconfiguration
3.4: Continuous Security Monitoring
- Monitoring and Feedback Loops from the production to the engineering
- Cloud Metrics and Logging
- Log Analytics and Azure Monitor
- AWS CludWatch Log Insights
- Kusto Query Language
- AWS CloudWatch Dashboards
- Automated Stack Alerts
- OS Query
3.5: Data Protection Services
- Azure Service Integration
- Azure Key Vaults
- AWS Service Integration
- AWS KMS
