Certified DevSecOps Professional (CDP)

Course code: CDP

The CDP course provides an introduction to DevSecOps processes, tools, techniques, and the creation of secure SDLC and CI/CD DevSecOps pipelines by utilizing SCA, SAST, DAST, and Security as Code.

Course Inclusions:

  • Course Manual
  • Course Videos and Checklists
  • 60+ Guided Exercises
  • 60 days Online Lab Access
  • Access to a dedicated Mattermost channel
  • One exam attempt for Certified DevSecOps Professional Certification


Course dates

Start date: On request

Form: E-learning

Course length: 60 days

Language: en

Price excl. VAT: 845 EUR


Course description

Upon completion of the course, you will be able to:

  • Gain a solid foundation in CI/CD pipelines, DevOps, and the Secure SDLC.
  • Understand and apply the principles, values, and practices that enable DevSecOps.
  • Create a culture of sharing and collaboration among the organization's stakeholders and departments.
  • Understand the critical parts of DevSecOps processes, tools, and techniques.
  • Create and maintain DevSecOps pipelines using SCA, SAST, DAST, Infrastructure as Code, Compliance as Code, and Security as Code best practices.
  • Ensure the hardening and compliance of infrastructure according to the organization's policies.
  • Consolidate and centrally manage security results produced by multiple automated tools in a CI/CD pipeline.
  • Plan and mature an organization's DevSecOps program.

Course structure

Chapter 1: An Introduction to the Basics

  • What is DevOps?
  • DevOps building blocks: People, Process and Technology.
  • DevOps principles: Culture, Automation, Measurement and Sharing (CAMS).
  • Benefits of DevOps: speed, reliability, availability, scalability, automation, cost and visibility.
  • What are Continuous Integration and Continuous Deployment?
    • From Continuous Integration to Continuous Delivery to Continuous Deployment.
    • Continuous Delivery vs Continuous Deployment.
    • General workflow of a CI/CD pipeline.
    • Blue/Green deployment strategy.
    • Achieving full automation.
    • Designing a CI/CD pipeline for a web application.
  • Common challenges faced when applying DevOps principles.
  • Case studies on DevOps at cutting-edge technology companies: Facebook, Amazon and Google.

Demo: A full enterprise grade DevSecOps Pipeline.

Chapter 2: Introduction to the Tools of the trade

  • Gitlab/Github
  • Docker
  • GitLab CI / GitHub Actions / CircleCI / Jenkins / Travis CI
  • OWASP ZAP
  • Ansible
  • Inspec
  • Hands-On Labs: Building a CI pipeline using GitLab CI/Jenkins/Travis CI and GitLab/GitHub Actions.
  • Hands-On Labs: Use the above tools to create a complete CI/CD pipeline.

Note: Once you have learned the above tools, you will be able to create DevSecOps pipelines on cloud platforms such as AWS and Azure DevOps.

Chapter 3: Secure SDLC and CI/CD pipeline

  • What is Secure SDLC
  • Secure SDLC Activities and Security Gates
    • Security Requirements (Requirements)
    • Threat Modelling (Design)
    • Static Analysis and Secure by Default (Implementation)
    • Dynamic Analysis (Testing)
    • OS Hardening, Web/Application Hardening (Deploy)
    • Security Monitoring/Compliance (Maintain)
  • DevSecOps Maturity Model (DSOMM)
    • Maturity levels and the tasks involved
    • The 4 axes of DSOMM
    • How to go from Maturity Level 1 to Maturity Level 4
    • Best practices for Maturity Level 1
    • Considerations for Maturity Level 2
    • Challenges in Maturity Level 3
    • The dream of achieving Maturity Level 4
  • Using the tools of the trade to perform the above activities in CI/CD
  • Embedding Security as part of CI/CD pipeline
  • DevSecOps and challenges with Pentesting and Vulnerability Assessment.
  • Hands-on: Create a CI/CD pipeline suitable for modern application.
  • Hands-on: Manage the findings in a fully automated pipeline.

Chapter 4: Software Component Analysis (SCA) in CI/CD pipeline

  • What is Software Component Analysis.
  • Software Component Analysis and Its challenges.
  • What to look in a SCA solution (Free or Commercial).
  • Embedding SCA tools such as OWASP Dependency-Check, Safety, RetireJS, npm audit and Snyk into the pipeline.
  • Demo: using OWASP Dependency-Check to scan a Java code base for vulnerable third-party components.
  • Hands-On Labs: using RetireJS and npm audit to scan a JavaScript code base for vulnerable third-party components.
  • Hands-On Labs: using Safety/pip to scan a Python code base for vulnerable third-party components.

Chapter 5: SAST (Static Analysis) in CI/CD pipeline

  • What is Static Application Security Testing.
  • Static Analysis and Its challenges.
  • Embedding SAST tools such as FindBugs/SpotBugs into the pipeline.
  • Secrets scanning to prevent secret exposure in the code.
  • Writing custom checks to catch secret leakage in an organization.
  • Hands-On Labs:
    • using SpotBugs to scan Java code.
    • using trufflehog/gitrob to scan for secrets in the CI/CD pipeline.
    • using Brakeman/Bandit to scan Ruby on Rails and Python code bases.
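As an added example (not course material), here is the shape of a custom secrets check of the kind this chapter describes: it runs in a CI job before merge, combines fixed patterns for known credential formats with a Shannon-entropy heuristic for opaque tokens, and honours an inline allow marker so documented fixtures do not fail the build. The patterns, the 4.0 bits/char threshold, the `allow-secret` marker and the sample file are illustrative assumptions, not the course's own checks.

```python
"""Minimal custom secrets check for a CI gate (added example, not course material)."""
import math
import re
from dataclasses import dataclass

# Known credential formats (assumed patterns; extend per organisation).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
# Opaque tokens: long runs of base64/hex-like characters; flagged when entropy is high.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed tuning value
ALLOW_MARKER = "allow-secret"  # inline opt-out for reviewed fixtures


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    excerpt: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(s: str) -> str:
    """Keep only a short prefix so the scan report itself does not leak the value."""
    return s[:6] + "..." if len(s) > 6 else s


def scan_text(text: str) -> list[Finding]:
    """Return findings for one file's contents, one pass per line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue  # reviewed and explicitly allowed
        matched = False
        for rule, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                matched = True
                findings.append(Finding(line_no, rule, redact(m.group(0))))
        if matched:
            continue  # entropy heuristic only where no known format matched
        for tok in TOKEN_RE.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "high_entropy_string", redact(tok)))
    return findings


# Constructed sample file; none of these values are real credentials.
SAMPLE_FILE = """\
# constructed sample file; none of these values are real credentials
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "Sup3rS3cretP@ssw0rd"
LOG_LEVEL = "debug"
headers = {"X-Auth": "xK9f2LmQ7vR4tZ8wB3nH6pD1sY5cJ0aE"}
fixture_key = "AKIAIOSFODNN7EXAMPLE"  # allow-secret: documented test fixture
"""


def pipeline_gate(text: str) -> int:
    """Exit code for a CI job: non-zero fails the stage when secrets are found."""
    findings = scan_text(text)
    for f in findings:
        print(f"line {f.line_no}: {f.rule}: {f.excerpt}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(pipeline_gate(SAMPLE_FILE))
```

Run on the sample it reports the AWS key on line 2, the password assignment on line 3 and the opaque 32-character token on line 5, skips the allow-listed fixture on line 6, and exits non-zero so the pipeline stage fails. Redacting excerpts matters in practice: CI logs are often far more widely readable than the repository itself.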

Chapter 6: DAST (Dynamic Analysis) in CI/CD pipeline

  • What is Dynamic Application Security Testing.
  • Dynamic Analysis and its challenges (session management, AJAX crawling).
  • Embedding DAST tools such as ZAP and Burp Suite Dastardly into the pipeline.
  • TLS/SSL misconfiguration testing.
  • Server Misconfiguration Testing like secret folders and files.
  • Creating baseline scans for DAST.
  • Hands-On Labs: using ZAP to configure per commit/weekly/monthly scans.

Chapter 7: Infrastructure as Code and Its Security

  • What is Infrastructure as Code and its benefits.
  • Platform + Infrastructure Definition + Configuration Management.
  • Introduction to Ansible.
    • Benefits of Ansible.
    • Push and Pull based configuration management systems
    • Modules, tasks, roles and Playbooks
  • Tools and services that help achieve IaC.
  • Hands-On Labs: Docker and Ansible
  • Hands-On Labs: Using Ansible to create Golden images and harden Infrastructure.

Chapter 8: Compliance as code

  • Different approaches to handle compliance requirements at DevOps scale
  • Using configuration management to achieve compliance.
  • Manage compliance at scale using InSpec/OpenSCAP.
  • Hands-On Labs: Create an InSpec profile with compliance checks for your organization.
  • Hands-On Labs: Use the InSpec profile to scale compliance.

Chapter 9: Vulnerability Management with custom tools

  • Approaches to manage the vulnerabilities in the organization.
  • Hands-On Labs: Using DefectDojo for vulnerability management.
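As an added example, not part of the course or of DefectDojo, here is the step that sits between the scanners and a tracker: the consolidation of results from several pipeline tools (the "consolidate and centrally manage security results" objective above and this chapter's topic). Each tool's output is mapped to one schema, duplicates across runs are removed by a stable fingerprint, and a severity gate decides whether the pipeline proceeds. The three input documents are constructed samples trimmed to the keys this code reads (bandit `-f json`, `npm audit --json`, and a ZAP baseline JSON report); the severity ranking and gate policy are illustrative assumptions.

```python
"""Consolidate findings from several pipeline tools (added example, not course material)."""
import hashlib
import json
from dataclasses import dataclass, asdict

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str   # normalised: critical / high / medium / low / info
    location: str   # file:line, package name, or URL
    title: str

    @property
    def fingerprint(self) -> str:
        # Stable identity across runs, so re-importing a report does not duplicate it.
        key = f"{self.tool}|{self.rule_id}|{self.location}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]


def from_bandit(report: dict) -> list[Finding]:
    # bandit -f json: results[].filename, line_number, issue_severity, test_id, issue_text
    return [
        Finding("bandit", r["test_id"], r["issue_severity"].lower(),
                f'{r["filename"]}:{r["line_number"]}', r["issue_text"])
        for r in report.get("results", [])
    ]


def from_npm_audit(report: dict) -> list[Finding]:
    # npm audit --json (npm 7+): vulnerabilities.<pkg>.severity, .via[] advisory objects
    out = []
    for pkg, v in report.get("vulnerabilities", {}).items():
        for adv in (a for a in v.get("via", []) if isinstance(a, dict)):
            out.append(Finding("npm-audit", str(adv.get("source", "n/a")),
                               v["severity"].lower(), pkg, adv.get("title", "")))
    return out


ZAP_RISK = {"3": "high", "2": "medium", "1": "low", "0": "info"}  # ZAP riskcode values


def from_zap(report: dict) -> list[Finding]:
    # ZAP JSON report: site[].alerts[].pluginid / riskcode / name / instances[].uri
    out = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            sev = ZAP_RISK.get(str(alert.get("riskcode")), "info")
            for inst in alert.get("instances", [{}]):
                out.append(Finding("zap", str(alert["pluginid"]), sev,
                                   inst.get("uri", site.get("@name", "")), alert["name"]))
    return out


def consolidate(*batches: list[Finding]) -> list[Finding]:
    """Merge all batches, drop duplicates by fingerprint, highest severity first."""
    seen: dict[str, Finding] = {}
    for f in (f for batch in batches for f in batch):
        seen.setdefault(f.fingerprint, f)
    return sorted(seen.values(), key=lambda f: -SEVERITY_RANK.get(f.severity, 0))


def gate(findings: list[Finding], fail_on: str = "high") -> bool:
    """True if the pipeline may proceed: no finding at or above the fail_on level."""
    limit = SEVERITY_RANK[fail_on]
    return not any(SEVERITY_RANK.get(f.severity, 0) >= limit for f in findings)


def to_json(findings: list[Finding]) -> str:
    """Serialise for upload to a tracker; the fingerprint travels with each record."""
    return json.dumps([dict(asdict(f), fingerprint=f.fingerprint) for f in findings], indent=2)


# Constructed sample reports (not real scan output); keys trimmed to what is read above.
BANDIT_SAMPLE = {"results": [
    {"filename": "app/db.py", "line_number": 42, "issue_severity": "MEDIUM", "test_id": "B608",
     "issue_text": "Possible SQL injection vector through string-based query construction."},
    {"filename": "app/settings.py", "line_number": 7, "issue_severity": "LOW", "test_id": "B105",
     "issue_text": "Possible hardcoded password: 'changeme'"},
]}
NPM_SAMPLE = {"vulnerabilities": {
    "example-lib": {"severity": "high",
                    "via": [{"source": 1001, "title": "Prototype pollution in example-lib"}]},
}}
ZAP_SAMPLE = {"site": [{"@name": "http://app.test", "alerts": [
    {"pluginid": "10038", "riskcode": "2", "name": "Content Security Policy (CSP) Header Not Set",
     "instances": [{"uri": "http://app.test/"}, {"uri": "http://app.test/login"}]},
]}]}

if __name__ == "__main__":
    merged = consolidate(from_bandit(BANDIT_SAMPLE), from_npm_audit(NPM_SAMPLE), from_zap(ZAP_SAMPLE))
    print(to_json(merged))
    raise SystemExit(0 if gate(merged, fail_on="high") else 1)
```

With the samples above the merged list holds five findings led by the high-severity npm advisory, so a `fail_on="high"` policy blocks the pipeline while a `fail_on="critical"` policy lets it through; feeding the same bandit report twice still yields only two bandit findings because the fingerprint is derived from tool, rule and location rather than from the run.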

Prerequisites

  • Course participants should be able to run basic Linux commands such as ls, cd and mkdir.
  • Course participants should have a basic understanding of application security practices such as the OWASP Top 10.
  • No prior experience with DevOps tools is required.


Certification

  • After completing the course, schedule the exam on your preferred date.
  • Pass the exam to obtain the Certified DevSecOps Professional certification.