Course Overview
The DevSecOps Essentials program will provide you with foundational knowledge of the essential aspects of secure application development, or DevSecOps. In this course, you will gather key insights into identifying application development risk and into securing and testing applications in on-premises, cloud provider, and hybrid infrastructures. Put your newly acquired abilities to the test in an exhilarating Capstone project to develop the hands-on proficiencies essential for success in your cyber professional role. After completing this program, you will be prepared to move toward a career in secure application development.
Who Should Attend
- School students, graduates, professionals, career starters and changers, IT / Technology / Cybersecurity teams with little or no work experience.
- Anyone who wants to start a career in cybersecurity, application security, and development and is interested in cloud technology.
- Any professional involved in developing, testing, and deploying applications to production environments, including on-premises, public cloud, and hybrid environments.
- This program is also beneficial for application developers, risk managers, project managers, application administrators, administrators, engineers, and architects.
Course Objectives
- Learn the fundamentals of application development.
- Gain knowledge of application security.
- Understand DevOps and DevSecOps.
- Explore the DevSecOps toolchain.
- Gain insights into DevSecOps and CI/CD pipelines.
- Learn about implementing and using tools for DevSecOps in CI/CD pipelines.
Course Outline
Module 1: Application Development Concepts
- History of Application Development
- Evolution of Application Development Methodologies
- Introduction to Application Architectures
- Introduction to the Application Development Lifecycle
- Application Testing and Quality Assurance
- Application Monitoring, Maintenance, and Support
Module 2: Application Security Fundamentals
- What is Secure Application Development
- Need for Application Security
- Common Application Security Risks and Threats
- OWASP Top 10
- Application Security Techniques
- Secure Design Principles
- Threat Modeling
- Secure Coding
- Secure Code Review
- SAST and DAST Testing
- Secure Configurations
- Educating Developers
- Role of Risk Management in Secure Development
- Project Management Role in Secure Application Development
Module 3: Introduction to DevOps
- Introduction to DevOps
- DevOps Principles
- DevOps Pipelines
- DevOps and Project Management
Module 4: Introduction to DevSecOps
- Understanding DevSecOps
- DevOps vs. DevSecOps
- DevSecOps Principles
- DevSecOps Culture
Module 5: Introduction to DevSecOps Management Tools
- Project Management Tools
- Integrated Development Environment (IDE) Tools
- Source-code Management Tools
- Build Tools
- Continuous Testing Tools
Module 6: Introduction to DevSecOps Code and CI/CD Tools
- Continuous Integration Tools
- Infrastructure as Code Tools
- Configuration Management Tools
- Continuous Monitoring Tools
Module 7: Introduction to DevSecOps Pipelines
- Role of DevSecOps in the CI/CD Pipeline
- DevSecOps Tools
- Embracing the DevSecOps Lifecycle
- DevSecOps Ecosystem
- Key Elements of the DevSecOps Pipeline
- Integrating Security into the DevOps Pipeline
Module 8: Introduction to DevSecOps CI/CD Testing and Assessments
- Implementing Security into the CI/CD Pipeline and Security Controls
- Continuous Security in DevSecOps with Security as Code
- Continuous Application Testing for CI/CD Pipeline Security
- Application Assessments and Penetration Testing
Module 9: Implementing DevSecOps Testing & Threat Modeling
- Integrating Security Threat Modeling in Plan Stage
- Integrating Secure Coding in Code Stage
- Integrating SAST, DAST, and IAST in Build and Test Stage
- Integrating RASP and VAPT in Release and Deploy Stage
Module 10: Implementing DevSecOps Monitoring Feedback
- Implementing Infrastructure as Code (IaC)
- Integrating Configuration Orchestration
- Integrating Security in Operate and Monitor Stage
- Integrating Compliance as Code (CaC)
- Integrating Logging, Monitoring, and Alerting
- Integrating Continuous Feedback Loop