
Certified DevSecOps Professional_CDP

The hands-on DevSecOps Certification Course

The DevSecOps Professional course is our most sought-after DevSecOps training and certification program.

Training Schedule

Please contact info@taubsolutions.com for more details
Virtual

Features

Self-paced Learning Mode
Browser-based Lab Access
24/7 Instructor Support via Mattermost

Course Objective

We have all heard about DevSecOps, Shifting Left and Rugged DevOps, but there are no clear examples or frameworks available for security professionals to implement in their organizations. This hands-on course teaches exactly that: the tools and techniques to embed security as part of the DevOps pipeline. We will learn how unicorns like Google, Facebook, Amazon and Etsy handle security at scale, and what we can learn from them to mature our security programs.

Course Agenda

Module 1: An Introduction to the Basics

  1. What is DevOps?
  2. DevOps Building Blocks – People, Process and Technology.
  3. DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
  4. Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility.
  5. What is Continuous Integration and Continuous Deployment?
  6. Common challenges faced when using DevOps principles.
  7. Case studies on DevOps of cutting-edge technology at Facebook, Amazon and Google

Module 2: Introduction to the Tools of the trade

  1. Gitlab/Github
  2. Docker
  3. Gitlab CI/Github Actions/Circle CI/Jenkins/Travis
  4. OWASP ZAP
  5. Ansible
  6. Inspec

Module 3: Secure SDLC and CI/CD pipeline

  1. What is Secure SDLC
  2. Secure SDLC Activities and Security Gates
  3. DevSecOps Maturity Model (DSOMM)
  4. Using tools of the trade to do the above activities in CI/CD
  5. Embedding Security as part of CI/CD pipeline
  6. DevSecOps and challenges with Pentesting and Vulnerability Assessment.

Module 4: Software Component Analysis (SCA) in CI/CD pipeline

  1. What is Software Component Analysis.
  2. Software Component Analysis and Its challenges.
  3. What to look for in an SCA solution (Free or Commercial).
  4. Embedding SCA tools like OWASP Dependency Checker, Safety, RetireJs and NPM Audit, Snyk into the pipeline.

Module 5: SAST (Static Analysis) in CI/CD pipeline

  1. What is Static Application Security Testing.
  2. Static Analysis and Its challenges.
  3. Embedding SAST tools like Find Bugs into the pipeline.
  4. Secrets scanning to prevent secret exposure in the code.
  5. Writing custom checks to catch secrets leakage in an organization.

Module 6: DAST (Dynamic Analysis) in CI/CD pipeline

  1. What is Dynamic Application Security Testing.
  2. Dynamic Analysis and Its challenges (Session Management, AJAX Crawling)
  3. Embedding DAST tools like ZAP and Burp Suite Dastardly into the pipeline.
  4. SSL misconfiguration testing
  5. Server Misconfiguration Testing like secret folders and files.
  6. Creating baseline scans for DAST.

Module 7: Infrastructure as Code and Its Security

  1. What is Infrastructure as Code and its benefits.
  2. Platform + Infrastructure Definition + Configuration Management.
  3. Introduction to Ansible.
    1. Benefits of Ansible.
    2. Push and Pull based configuration management systems
    3. Modules, tasks, roles and Playbooks
  4. Tools and services which help to achieve IaaC

Module 8: Compliance as code

  1. Different approaches to handle compliance requirements at DevOps scale
  2. Using configuration management to achieve compliance.
  3. Manage compliance using Inspec/OpenScap at Scale.

Module 9: Vulnerability Management with custom tools

  1. Approaches to manage the vulnerabilities in the organization

Exam & Certification

  1. After completing the course, schedule the exam on your preferred date.
  2. Pass the exam to get the Certified DevSecOps Professional Certification.
  3. The process of achieving practical DevSecOps course certifications can be found on the exam and certification page.

FAQs

Are there any pre-requisites for this course?

  1. Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.
  2. Course participants should have a basic understanding of application security practices like the OWASP Top 10.
  3. You don’t need any experience with DevOps or DevOps tools.

How do I take the exam?

TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.


The session was delivered effectively. It was very interactive with on the job examples. I learned a lot and plan to implement them. Thanks Suresh GP for such a wonderful session.

Sheethal Sudheer BRMPBRM, Business Owner DevSecOps tools, Digital Transformation, Process Management

It was a very interactive session with a lot of real life examples. Very good and informative session by Suresh GP.

Vijaykumar TC, Vice President - Citi Technology Infrastructure

The CBRM training offered through TaUB Solutions is an excellent course. I first heard Suresh speak a few years back at the BRMConnect conference and taking this course solidified my opinion and respect of Suresh’s vast knowledge of BRM discipline.

Michelle Day, CBRM®, Director, Business Relationship Management

The training was absolutely fantastic, extremely valuable. It changes the way we look at SRE. Suresh was the BEST instructor you could ask for; more importantly, he was helping with real world problems based on his experiences.

Praveen Patil, Senior Engineering Manager at Lowe's Companies, Inc.