Certified DevSecOps Professional_CDP
The hands-on DevSecOps Certification Course
The DevSecOps Professional course is our most sought-after DevSecOps Training and Certification program.
Course Objective
We have all heard about DevSecOps, Shifting Left, and Rugged DevOps, but there are no clear examples or frameworks available for security professionals to implement in their organization. This hands-on course will teach you exactly that: tools and techniques to embed security as part of the DevOps pipeline. We will learn how unicorns like Google, Facebook, Amazon, Etsy handle security at scale and what we can learn from them to mature our security programs.
Course Agenda
Module 1: An Introduction to the Basics
- What is DevOps?
- DevOps Building Blocks – People, Process and Technology.
- DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
- Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility.
- What is Continuous Integration and Continuous Deployment?
- Common Challenges faced when using DevOps principles.
- Case studies on DevOps of cutting edge technology at Facebook, Amazon and Google
Module 2: Introduction to the Tools of the trade
- Gitlab/Github
- Docker
- Gitlab CI/Github Actions/Circle CI/Jenkins/Travis
- OWASP ZAP
- Ansible
- Inspec
Module 3: Secure SDLC and CI/CD pipeline
- What is Secure SDLC
- Secure SDLC Activities and Security Gates
- DevSecOps Maturity Model (DSOMM)
- Using tools of the trade to do the above activities in CI/CD
- Embedding Security as part of CI/CD pipeline
- DevSecOps and challenges with Pentesting and Vulnerability Assessment.
Module 4: Software Component Analysis (SCA) in CI/CD pipeline
- What is Software Component Analysis.
- Software Component Analysis and Its challenges.
- What to look for in an SCA solution (Free or Commercial).
- Embedding SCA tools like OWASP Dependency Checker, Safety, RetireJs and NPM Audit, Snyk into the pipeline.
Module 5: SAST (Static Analysis) in CI/CD pipeline
- What is Static Application Security Testing.
- Static Analysis and Its challenges.
- Embedding SAST tools like Find Bugs into the pipeline.
- Secrets scanning to prevent secret exposure in the code.
- Writing custom checks to catch secrets leakage in an organization.
Module 6: DAST (Dynamic Analysis) in CI/CD pipeline
- What is Dynamic Application Security Testing.
- Dynamic Analysis and Its challenges (Session Management, AJAX Crawling)
- Embedding DAST tools like ZAP and Burp Suite Dastardly into the pipeline.
- SSL misconfiguration testing
- Server Misconfiguration Testing like secret folders and files.
- Creating baseline scans for DAST.
Module 7: Infrastructure as Code and Its Security
- What is Infrastructure as Code and its benefits.
- Platform + Infrastructure Definition + Configuration Management.
- Introduction to Ansible.
- Benefits of Ansible.
- Push and Pull based configuration management systems
- Modules, tasks, roles and Playbooks
- Tools and Services which help to achieve IaaC
Module 8: Compliance as code
- Different approaches to handle compliance requirements at DevOps scale
- Using configuration management to achieve compliance.
- Manage compliance using Inspec/OpenScap at Scale.
Module 9: Vulnerability Management with custom tools
- Approaches to manage the vulnerabilities in the organization
Exam & Certification
- After completing the course, schedule the exam on your preferred date.
- Pass the exam to get the Certified DevSecOps Professional Certification.
- The process of achieving practical DevSecOps course certifications can be found on the exam and certification page.
FAQs
Are there any pre-requisites for this course?
- Course participants should have knowledge of running basic Linux commands like ls, cd, mkdir, etc.
- Course participants should have a basic understanding of application security practices like the OWASP Top 10.
- You don’t need any experience with DevOps or DevOps tools.
How do I take the exam?
TaUB Solutions will request the examinations together with your registration. The exam should be taken at the end of the course. Results are available within 5 working days.