Certified DevSecOps Expert (CDE)

Course code: CDE

The Certified DevSecOps Expert (CDE) certification covers OS hardening, infrastructure/code compliance, vulnerability management, and automation.

Course Inclusions:

  • Course Manual
  • Course Videos and Checklists
  • 60+ Guided Exercises
  • 60 days Online Lab Access
  • Access to a dedicated Mattermost channel
  • One exam attempt for Certified DevSecOps Expert Certification


Course dates

Start date: On request

Format: E-learning

Course length: 60 days

Language: en

Price excl. VAT: 1 130 EUR


Did not find a suitable date?

Write to us to arrange an alternative date tailored to you.


Course description

Upon completion of the course, you will be able to:

  • Understand, implement and manage advanced DevSecOps programs in an organization.
  • Master the skills required for secure design assessment and threat modeling.
  • Write custom rulesets and reduce false-positive fatigue using automation.
  • Write custom roles for SAST, DAST, OS hardening, and Infrastructure as Code.
  • Write custom rulesets for product security tools such as SAST, DAST and RASP.
  • Scan, audit, and improve the security of container (Docker) systems.
  • Manage secrets in traditional and containerized environments.
  • Understand and perform vulnerability management at scale.

Course structure

Chapter 1: Overview of DevSecOps

  • DevOps building blocks: people, process and technology.
  • DevOps principles: Culture, Automation, Measurement and Sharing (CAMS).
  • Benefits of DevOps: speed, reliability, availability, scalability, automation, cost and visibility.
  • Overview of the DevSecOps critical toolchain.
    • Repository management tools.
    • Continuous Integration and Continuous Deployment tools.
    • Infrastructure as Code (IaC) tools.
    • Communication and sharing tools.
    • Security as Code (SaC) tools.

SDLC

  • Overview of secure SDLC and CI/CD.
  • Review of security activities in a secure SDLC.
  • Continuous Integration and Continuous Deployment.
  • How to move from DevSecOps Maturity Model (DSOMM) Level 2 to Level 4.
    • Best practices and considerations for Maturity Level 3.
    • Best practices and considerations for Maturity Level 4.
    • Security automation and its limits.
    • DSOMM Level 3 and Level 4 challenges and solutions.

Chapter 2: Security Requirements and Threat Modelling (TM)

  • What is threat modelling?
  • STRIDE vs. DREAD approaches.
  • Threat modelling and its challenges.
  • Classical threat modelling tools and how they fit into the CI/CD pipeline.
  • Hands-On Labs:
    • Automate security requirements as code.
    • Using ThreatSpec to do Threat Modelling as Code.
    • Using BDD security to codify threats.

Chapter 3: Advanced Static Analysis (SAST) in the CI/CD pipeline

  • Why pre-commit hooks are not a good fit in DevSecOps.
  • Writing custom rules to weed out false positives and improve the quality of the results.
  • Various approaches to writing custom rules in free and paid tools:
    • Regular expressions
    • Abstract Syntax Trees
    • Graphs (data and control flow analysis)
  • Hands-On Labs: Writing custom checks in Bandit for your enterprise applications.

Chapter 4: Advanced Dynamic Analysis (DAST) in the CI/CD pipeline

  • Embedding DAST tools into the pipeline.
  • Leveraging QA/Performance automation to drive DAST scans.
  • Using Swagger (OpenAPI) and ZAP to scan APIs iteratively.
  • Ways to handle custom authentication for the ZAP scanner.
  • Using the Zest language to provide better coverage for DAST scans.
  • Hands-On Labs: Using ZAP + Selenium + Zest to configure in-depth scans.
  • Hands-On Labs: Using Burp Suite Pro to configure per-commit/weekly/monthly scans.

Note: Students need to bring their own Burp Suite Pro license to use in CI/CD.

Chapter 5: Runtime Analysis (RASP/IAST) in the CI/CD pipeline

  • What is runtime application security testing?
  • Differences between RASP and IAST.
  • Runtime Analysis and challenges.
  • RASP/IAST and their suitability in the CI/CD pipeline.
  • Hands-On Labs: A commercial implementation of an IAST tool.

Chapter 6: Infrastructure as Code (IaC) and its security

  • Configuration management (Ansible) security.
    • Users/privileges/keys: Ansible Vault vs. Tower.
    • Challenges with Ansible Vault in the CI/CD pipeline.
  • Introduction to Packer
    • Benefits of Packer.
    • Templates, builders, provisioners, and post-processors.
    • Packer for continuous security in DevOps pipelines.
  • Tools and services for practicing IaC (Packer + Ansible + Docker).
  • Hands-On Labs: Using Ansible to harden on-prem/cloud machines for PCI-DSS.
  • Hands-On Labs: Creating hardened golden images using Packer + Ansible.

Chapter 7: Container (Docker) Security

  • What is Docker?
  • Docker vs. Vagrant.
  • Basics of Docker and its challenges.
    • Vulnerabilities in images (Public and Private)
    • Denial of service attacks
    • Privilege escalation methods in Docker.
    • Security misconfigurations.
  • Container Security.
    • Content Trust and Integrity checks.
    • Capabilities and namespaces in Docker.
    • Segregating Networks.
    • Kernel hardening using seccomp and AppArmor.
  • Static analysis of container (Docker) images.
  • Dynamic analysis of container hosts and daemons.
  • Hands-On Labs:
    • Scanning Docker images using Trivy and its APIs.
    • Auditing the Docker daemon and host for security issues.

Chapter 8: Secrets management on mutable and immutable infrastructure

  • Managing secrets in traditional infrastructure.
  • Managing secrets in containers at scale.
  • Secrets management in the cloud.
    • Version control systems and secrets.
    • Environment variables and configuration files.
    • Docker, immutable systems and their security challenges.
    • Secrets management with HashiCorp Vault and Consul.
  • Hands-On Labs: Securely storing encryption keys and other secrets using Vault/Consul.

Chapter 9: Advanced vulnerability management

  • Approaches to managing vulnerabilities in the organization.
  • False positives and false negatives.
  • Culture and vulnerability management.
  • Creating different metrics for CXOs, developers and security teams.
  • Hands-On Labs: Using DefectDojo for vulnerability management.

Prerequisites

  • Course participants must hold the Certified DevSecOps Professional (CDP) certification.
  • Course participants should have a basic understanding of application security practices such as SAST, DAST, etc.


Certification

  • After completing the course, schedule the exam on your preferred date.
  • Pass the exam to obtain the Certified DevSecOps Professional certification.