Stalwart Learning’s “DevSecOps” course is an intensive, five-day program designed to empower IT professionals with the knowledge and skills to integrate security seamlessly into DevOps workflows. This course covers best practices, tools, and methodologies to build, secure, and monitor applications throughout the software development lifecycle (SDLC). By the end of the course, participants will understand how to establish a robust security culture, automate security testing, and address vulnerabilities early in the pipeline, making this course ideal for DevOps engineers, security professionals, and developers.
Duration
5 Days
Prerequisites
- Basic knowledge of DevOps processes and CI/CD pipelines
- Familiarity with programming and scripting languages
- Understanding of fundamental security concepts is recommended
Course Outline
Module 1
Introduction to DevSecOps
- Understanding DevSecOps principles and the importance of security in DevOps
- Overview of the software development lifecycle (SDLC)
DevOps to DevSecOps: Bridging the Gap
- Shifting security left in the DevOps process
- Key practices for integrating security in each SDLC phase
Setting Up a DevSecOps Environment
- Tools and frameworks for DevSecOps (e.g., Jenkins, GitLab, Docker)
- Configuring a secure CI/CD pipeline
Module 2
Threat Modeling and Risk Assessment
- Identifying potential threats and vulnerabilities
- Conducting risk assessments and impact analysis
Implementing Secure Coding Practices
- Writing secure code to prevent common vulnerabilities (e.g., SQL injection, XSS)
- Code reviews and security checks
Hands-On Lab: Secure Code Implementation
Practical exercises to identify and fix code vulnerabilities
Module 3
Automated Security Testing in CI/CD
- Integrating static and dynamic analysis tools (SAST and DAST)
- Using tools like OWASP ZAP and SonarQube for continuous testing
Container Security
- Securing containers and images in Docker and Kubernetes
- Implementing container scanning and runtime security
Practical Lab: Automated Testing and Container Security
Hands-on session on setting up automated security tests
Module 4
Monitoring, Logging, and Incident Response
- Setting up monitoring for security threats
- Logging and alerting best practices for fast incident response
Secrets Management and Access Control
- Managing sensitive data and credentials securely
- Implementing role-based access control (RBAC)
Lab: Monitoring and Managing Secrets in DevSecOps
Configuring monitoring tools and managing secrets
Module 5
Compliance and Regulatory Considerations
- Navigating compliance requirements like GDPR and HIPAA
- Auditing and reporting for regulatory adherence
Building a Security-First DevOps Culture
- Training and building security awareness across teams
- Best practices for creating a collaborative DevSecOps environment
Capstone Project and Final Assessment
- Q&A and feedback session
- Group project to design and implement a DevSecOps pipeline