EC-Council Certified DevSecOps Engineer (ECDE)

Skip to Scheduled Dates

Course Overview

EC-Council Certified DevSecOps Engineer (E|CDE) is a hands-on, instructor-led comprehensive DevSecOps certification program that helps professionals build the essential skills to design, develop, and maintain secure applications and infrastructure.

Who Should Attend

  • C|ASE-certified professionals
  • Application security professionals
  • DevOps engineers
  • IT security professionals
  • Cybersecurity engineers and analysts
  • Software engineers and testers
  • Anyone with prior knowledge of application security who wants to build a career in DevSecOps

Course Objectives

    • Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.
    • Integrate Eclipse and GitHub with Jenkins to build applications.
    • Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI/CD pipeline.
    • Integrate runtime application self-protection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.
    • Implement tools like the Jfrog IDE plugin and the Codacy platform.
    • Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.
    • Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines.
    • Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.
    • Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.
    • Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.
    • Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.
    • Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.
    • Align security practices like security requirement gathering, threatmodeling, and secure code reviews with development workflows.
    • Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).
    • Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.
    • Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.
    • Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.
    • Use AWS and Azure tools to secure applications.
    • Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.
    • Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.
    • Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).
    • Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security

Course Outline

Module 1: Understanding DevOps Culture

Module 2: Introduction to DevSecOps

Module 3: DevSecOps Pipeline—Plan Stage

Module 4: DevSecOps Pipeline—Code Stage

Module 5: DevSecOps Pipeline—Build and Test Stage

Module 6: DevSecOps Pipeline—Release and Deploy Stage

Module 7: DevSecOps Pipeline—Operate and Monitor Stage

 Back to Course Search

Class Dates & Times

Class times are listed Central time

This is a 3-day class

Class dates not listed.
Please contact us for available dates and times.