DevSecOps
This DevSecOps course is designed to empower professionals with the knowledge and tools to seamlessly integrate security into the DevOps lifecycle.
New Batch Starting In
Who should take this course?
This DevSecOps course is ideal for:
- DevOps Engineers: Looking to integrate security practices into their workflows.
- Security Professionals: Interested in aligning security with modern development practices.
- Developers: Wanting to build secure code and understand security in the SDLC.
- IT Operations Teams: Seeking to enhance security in deployment and infrastructure management.
- Project Managers and Team Leads: Aiming to foster collaboration between Dev, Ops, and Security teams.
- System Architects: Focused on designing secure and scalable systems.
- Anyone in Tech: Aspiring to develop expertise in secure software delivery pipelines.
Instructor -led DevSecOps Live Online Class
Date
Time
Day
1st March 2025
9.00AM -1.00PM
Saturday
COURSE CURRICULUM
- Importance of Security _ Impact of Security Breaches
- How to Secure Systems Against Attacks
- Types of Security Attacks – Part 1
- Types of Security Attacks – Part 2
- OWASP top 10 – Part 1
- OWASP top 10 – Part 2
- Security in Layers
- Build a Continuous Integration Pipeline
- Impact of Missing Security Insights
- Secret Scanning with GitLeaks – Local Environment
- Pre-commit Hook for Secret Scanning _ Integrating GitLeaks in CI Pipeline
- False Positives _ Fixing Security Vulnerabilities
- Integrate SAST Scans in Release Pipeline
- Generate Security Scanning Reports
- Introduction to DefectDojo, Managing Security Findings, CWEs
- Automate Uploading Security Scan Results to DefectDojo
- Fix Security Issues Discovered in the DevSecOps Pipeline
- Software Composition Analysis – Security Issues in Application Dependencies
- Import SCA Scan Reports in DefectDojo, Fixing SCA Findings, CVEs
- Overview of Static Security Scans in CI Pipeline
- Overview of a CICD Pipeline
- Introduction to Security Layers for AWS Access
- Integrate CICD Pipeline with AWS ECR
- Configure Application Deployment Environment on EC2 Server
- Deploy Application to EC2 Server with Release Pipeline
- Configure Self-Managed GitLab Runner for Pipeline Jobs
- Build Application Images on Self-Managed Runner, Leverage Docker Caching
- Overview of Image Security
- Configure Automated Security Scanning in Application Image
- Analyze _ Fix Security Issues from Findings in Application Image
- Automate Uploading Image Scanning Results in DefectDojo
- Docker Security Best Practices
- Configure Automated Image Security Scanning in ECR Image Repository
- Understand AWS Access Management using IAM Service
- Securing AWS Root User Account
- IAM Users, Groups _ Policies
- Secure Access from CICD Pipeline to AWS
- Understand Importance of IAM Roles in AWS Cloud Security
- Security Essentials for Accessing Deployment Server
- Configure AWS Systems Manager for EC2 Server
- AWS SSM Commands in Release Pipeline for Server Access
- Secure Continuous Deployment to Server using SSM
- Secure Access to AWS with IAM Roles _ Short-Lived Credentials
- Overview of AWS Security Measures and Continuous Security Improvements
- Understand Dynamic Application Security Testing (DAST)
- Configure Automated DAST Scans in CICD Pipeline
- Understand Impact of IaC in Security _ DevSecOps
- Terraform Script for AWS Infrastructure Provisioning
- Replace Manually Created Infrastructure with Automatically Provisioned Resources
- Build CICD Pipeline for Infrastructure Code using GitOps Principles
- Configure Remote State for Terraform
- Add Automated Security Scan to TF Infrastructure Code
- Understand Need for Logging and Monitoring in Security
- Introduction to CloudTrail and CloudWatch
- CloudTrail Event History
- Configure Multi-Region Trail in CloudTrail _ Forward Logs to CloudWatch
- Create CloudWatch Alarm for EC2 Instance
- Create Custom Metric Filter for Failed Login Metrics
- Configure Alarm for Failed Login Attempts
