Certified DevSecOps Engineer (ECDE)

Module 01: Understanding DevOps Culture

• Understand the Evolution of the Software Development Life Cycle
• Understand what DevOps is
• Learn to Implement DevOps in an On-Premises Environment
• Learn to Implement DevOps in an AWS Cloud Native Environment
• Learn to Implement DevOps in an Azure Cloud Native Environment
• Learn to Implement DevOps in a Google Cloud Native Environment
• Understand the Frameworks and Maturity Model in DevOps
• Evaluate Security Silos in DevOps

Module 02: Introduction to DevSecOps

• Addressing DevOps Process Security Bottlenecks and Challenges
• Understand DevSecOps
• Understand DevSecOps Culture
• Understand Continuous Security in DevSecOps
• Understand DevSecOps Strategy
• Understand DevSecOps Tools
• Leveraging Artificial Intelligence (AI) in DevSecOps

Module 03: DevSecOps Pipeline-Plan Stage

• Understand Continuous Threat Modeling in the DevSecOps Pipeline
• Learn to Integrate Threat Modeling Tools
• Learn to Gather Security Requirements from Business Functionality
• Address Technical Security Debts
• Learn to Run Pre-Commit Checks in the Plan Stage
• Understand Secure Code Training and Awareness
• Understand Security Tools Training

Module 04: DevSecOps Pipeline-Code Stage

• Learn to Integrate Security Plugins in IDEs
• Learn to Configure and Manage Code Scanning for GitHub Repository
• Learn to Integrate and Scan Source Code Repository
• Learn to Integrate Secret Management Tools
• Learn to Integrate Software Composition Analysis (SCA) Tools
• Learn to Integrate SCA Tools with IDE

Module 05: DevSecOps Pipeline-Build ans Test Stage

• Learn to Integrate SAST Tool
• Learn to Integrate SAST Tool with AWS Cloud
• Learn to Integrate SAST Tool with Microsoft Azure
• Learn to Integrate SAST Tool with Google Cloud
• Conducting Manual Secure Code Review
• Learn to Integrate DAST Tool with AWS
• Learn to Integrate DAST Tool with Microsoft Azure
• Learn to Integrate DAST Tool with Google Cloud
• Learn to Integrate IAST Tool
• Understand Security Testing Framework

Module 06: DevSecOps Pipeline-Release and Deploy Stage

• Learn to Integrate RASP Tool
• Learn to Conduct Penetration Testing
• Learn to Integrate Vulnerability Scanning Tool
• Understand Bug Bounty Program
• Learn to Integrate Threat Detection Tools
• Understand Infrastructure Deployment using Infrastructure as Code (IaC)
• Learn Infrastructure Provisioning as Code (IaC) using Terraform
• Learn Infrastructure Provisioning as Code (IaC) using Pulumi
• Learn to Integrate AWS CloudFormation
• Learn to Integrate Configuration Orchestration Tools: Ansible
• Learn to Integrate Configuration Orchestration Tools: Chef
• Learn to Integrate Configuration Orchestration Tools: Puppet
• Learn to Integrate Configuration Orchestration Tools: Azure Resource Management
• Learn to Integrate Binary Authorization to Secure GCP Deployment

Module 07: DevSecOps Pipeline-Operate and Monitor Stage

• Understand Security Activities in the Operate and Monitor Stage
• Learn to Scan Infrastructure as Code (IaC) for Vulnerabilities
• Learn to Scan Infrastructure for Vulnerabilities
• Learn to Secure Jenkins
• Learn to Integrate Compliance as Code (CaC) Tools
• Integration of Compliance as Code (CaC) Tools
• Learn to Integrate Logging, Monitoring, and Alerting Tools- Monitoring in AWS
• Understand Monitoring Features in AWS
• Understand Monitoring Features in Azure
• Understand Monitoring Features in Google Cloud
• Learn to Integrate WAF
• Learn to Integrate Patch Management
• Learn to Integrate Continuous Feedback
• Understand Incident Reponse in DevSecOps
• Understand High Availability, Fault Tolerance, and Disaster Recovery in DevSecOps

Für eine optimale Teilnahme am Kurs empfehlen wir folgende Vorkenntnisse:

• Vorkenntnisse in DevOps und IT Sicherheits-Konzepten

• Fachleute / Beauftragte für Informationssicherheit
• DevOps Entwickler
• Softwareentwickler und Softwaretester
• IT-Security Professionals
• Cyber Security Entwickler und Analysten
• Alle, die eine Karriere mit DevSecOps planen