DevSecOps Training

Devsecops training in Mumbai at Upshot Technologies, No.1 Devsecops training institute in Mumbai will serve as your one-stop-shop for learning DevSecOps. The Devsecops Course in Mumbai will provide you access to the appropriate security tools for the task at hand while managing, maintaining, and automating security. These are the tools that will eventually guarantee that your business applications stay safe.

Devsecops Course in Mumbai at the Devsecops certification training in Mumbai is a well-structured and intensive course with a lot of content. In summary, the training was a fantastic learning experience that was very well organized and fairly intensive. Our instructors are delighted to address and answer all of our questions, and that he wanted to ensure that we understood the relationship between different DevOps processes.

Course Content:

• Section 1: An Introduction to the Basics
• What is DevOps?
• DevOps Building Blocks- People, Process and Technology.
• DevOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
• Benefits of DevOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility.
• What is Continuous Integration and Continuous Deployment?.
• Continuous Integration to Continuous Deployment to Continuous Delivery.
• Continuous Delivery vs Continuous Deployment.
• General workflow of CI/CD pipeline.
• Blue/Green deployment strategy
• Achieving full automation.
• Designing a CI/CD pipeline for web application.
• Common Challenges faced when using DevOps principle.
• Case studies on DevOps of cutting edge technology at Facebook, Amazon and Google
• Section 2: Introduction to the Tools of the trade
• Gitlab/BitBucket/Github/
• Docker
• Gitlab CI/Bitbucket/Jenkins/Travis/
• OWASP ZAP/
• Ansible
• Inspec
• Hands-On Labs: Building a CI Pipeline using Gitlab CI/Jenkins/Travis and Gitlab/Github/bitbucket.
• Hands-On Labs: Use the above tools to create a complete CI/CD pipeline.
• Section 3: Secure SDLC and CI/CD pipeline
• What is Secure SDLC
• Secure SDLC Activities and Security Gates
• Security Requirements ( Requirements)
• Threat Modelling (Design)
• Static Analysis and Secure by Default ( Implementation)
• Dynamic Analysis(Testing)
• OS Hardening, Web/Application Hardening (Deploy)
• Security Monitoring/Compliance (Maintain)
• DevSecOps Maturity Model (DSOMM)
• Maturity levels and tasks involved
• 4-axes in DSOMM
• How to go from Maturity Level 1 to Maturity Level 4
• Best practices for Maturity Level 1
• Considerations for Maturity Level 2
• Challenges in Maturity Level 3
• Dream of achieving Maturity Level 2
• Usings tools of the trade to do the above activities in CI/CD
• Embedding Security as part of CI/CD pipeline
• DevSecOps and challenges with Pentesting and Vulnerability Assessment.
• Hands-on: Create a CI/CD pipeline suitable for modern application.
• Hands-on: Manage the findings in a fully automated pipeline.
• Section 4: Software Component Analysis (SCA) in CI/CD pipeline
• What is Software Component Analysis.
• Software Component Analysis and Its challenges.
• What to look in a SCA solution (Free or Commercial).
• Embedding SCA tools like OWASP Dependency Checker, Safety, RetireJs and NPM Audit, Snyk into the pipeline.
• Demo: using OWASP Dependency Checker to scan third party component vulnerabilities in Java Code Base.
• Hands-On Labs: using RetireJS and NPM to scan third party component vulnerabilities in Javascript Code Base.
• Hands-On Labs: using Safety/pip to scan third party component vulnerabilities in Python Code Base.