Practical DevSecOps Training

InfosecTrain’s Practical DevSecOps course provides a comprehensive, hands-on learning experience in implementing DevSecOps practices within Docker and Kubernetes environments, specifically emphasizing Spring Boot applications.

This course blends theoretical knowledge with immersive labs and a compelling Spring Boot application demonstration to ensure a profound understanding of DevSecOps principles and best practices.

DevSecOps: Practical Approach training course from InfosecTrain has been meticulously crafted to equip participants with an extensive comprehension and hands-on expertise in the seamless implementation of DevSecOps practices within the context of a Docker and Kubernetes environment.

Throughout this comprehensive training course, participants will delve into the optimal utilization of Docker and Kubernetes to establish streamlined DevOps workflows, skillfully integrating security measures at every stage of the software development lifecycle.

The course curriculum thoughtfully merges theoretical concepts with immersive, hands-on labs and ensures participants garner a profound understanding of the fundamental principles and best practices of DevSecOps.

Course Curriculum:

• Introduction To The Basics
• What is DevOps?
• What is Continuous Integration and Continuous Deployment?
• DevOps vs. DevSecOps vs. Rugged DevOps
• Introduction to DevSecOps and Its Benefits
• Introduction To The Tools
• Git/Github
• GitHub Actions/Jenkins
• OWASP ZAP
• Ansible
• Docker
• K8S
• Inspec
• Software Component Analysis (SCA) in CI/CD Pipeline
• SCA Introduction
• Tools Used for SCA
• Demo/Hands-On (OWASP Dependency Checker/RetireJS/Safety)
• Intermediate Project- 1
• SAST (Static Analysis) in CI/CD Pipeline
• SAST Introduction
• Tools Used for SAST
• Demo/Hands-On(SpotBugs,SonarQube,SonarCloud)
• Intermediate Project- 2
• DAST (Dynamic Analysis) in CI/CD Pipeline
• DAST Introduction
• Tools Used for DAST
• Demo/Hands-On(OWASP ZAP)
• Intermediate Project- 3
• Infrastructure As Code And Its Security
• IaaC Introduction
• Tools Used for IaaC
• Demo/Hands-On(Docker,Ansible,Terraform)
• Intermediate Project- 4
   
• Compliance/Audit/Policy As Code
• Policy as a Code Introduction
• Tools Used for Compliance/Audit as Code
• Demo/Hands-On(Inspec/OpenScap)
• Intermediate Project- 5
• Vulnerability Management
• Vulnerability Management Introduction
• Tools Used for Vulnerability Management
• Demo/Hands-On(Defect Dojo)
• Intermediate Project- 6

Pre-requisites:

• Basic knowledge of Linux command-line usage, containerization concepts, and general DevOps practices
• Understanding of Spring Boot application development and Jenkins is required.
• Technical background or B.E/B.Tech degree

Course Objectives:

• Understand DevSecOps principles, benefits, and challenges
• Familiarize with Docker and Kubernetes for container management
• Implement CI/CD pipelines using Kubernetes
• Perform vulnerability scanning and testing in DevSecOps
• Utilize tools for identifying code and resource vulnerabilities
• Secure Kubernetes networking and communication with TLS
• Authenticate and authorize Kubernetes API Server, etc
• Monitor Kubernetes for security
• Manage secrets and sensitive data in the DevSecOps pipeline
• Learn about popular secrets management tools like HashiCorp Vault
• Integrate Vault with Kubernetes for secure secret injection
• Explore bonus topics covering security orchestration tools