
DevSecOps Course Content

Module-1 DevOps Basics

• Getting Started: all about DevOps
• Version Control System
• Testing
• Building Project
• Continuous Integration
• What is Continuous Integration and Continuous Deployment?
  o Continuous Integration to Continuous Deployment to Continuous Delivery
  o Continuous Delivery vs Continuous Deployment
  o General workflow of a CI/CD pipeline
  o Blue/Green deployment strategy
  o Achieving full automation
  o Designing a CI/CD pipeline for a web application
• Common Challenges faced when applying DevOps principles
• Infrastructure as Code (IaC)

Practical Demo:

• Git and GitHub
• Selenium Interaction
• PyTest: Python testing framework

Module-2 DevSecOps Basics

• Getting Started: all about DevSecOps
• Secure SDLC
• Security Requirements
• Threat Modelling
• SAST and DAST
• Security Monitoring and Compliance
• DevSecOps Maturity Model - DSOMM
• Automated Code Review

Practical Demo:

• Finding security issues in code using PMD
• DevSkim tool demo

Module-3 Sensitive Information Scan and Software Component Analysis – SCA in pipeline

• Overview of Software Component Analysis
• Tools overview in SCA
• Sensitive Information Scanning

Practical Demo:

• Finding security issues in code using TruffleHog and git-secrets

Module-4 SAST overview

• SAST Overview
• Challenges and Limitations
• Pipelines and CD
• Scanning Techniques and Methods

Practical Demo:

• Continuous Code Quality Monitoring with SonarQube
• Scanning Python Code for Issues – Bandit
• SpotBugs – Bugs in Java code

Module-5 DAST overview

• DAST Introduction
• Challenges and Issues
• SSL/TLS configuration and testing

Practical Demo:

• OWASP ZAP
• BDD-Security: Behaviour Driven Development
• Automatic WebApp Scanning
• Burp Suite Testing

Module-6 Software Composition Analysis and Compliance

• Overview of SCA
• Challenges and Issues
• Compliance as Code
• Analysing the code and testing

Practical Demo:

• Automating Compliance Checks – InSpec
• Automating Compliance Checks – OpenSCAP
• Automating Configuration Tests – Serverspec

Module-7 Vulnerability Management

• Vulnerability Assessment and Penetration Testing
• VM vs VA
• Managing threats and bugs within the organization

Practical Demo:

• Vulnerability Management through DefectDojo
