Course Content

1. DevSecOps Understanding

a. SDLC Model in the past.

b. IDLC model in the past.

c. The trend of SDLC/IDLC in modern days.

d. Challenges for large/middle based organization.

2. What is DevSecOps

a. DevSecOps Introduction

b. DevSecOps – Key Tenants

c. Business benefits.

d. Technical benefits.

3. DevSecOps Transition

a. Why DevSecOps

b. Shift left

c. DevSecOps Adoption & Implementation.

4. DevSecOps Automation.

a. Tools

i. ALM tools JIRA, Azure Board

ii. Orchestrator tools for CI/CD: Jenkins, Azure DevOps

iii. Build Tools: Maven, MS Build

iv. Monitoring Tools

1. Application Monitoring

2. Infrastructure Monitoring

3. Container Monitoring

v. SCM Tools: GIT, GITLab, BitBucket

vi. Testing Tools

1. Unit Testing: Junit, Nunit, TestNG

2. Functional Testing: Selenium

3. API Testing: SOAP UI

4. Service Virtualization

5. Performance Testing: Jmeter

b. IAC/CM Tools and Frameworks

i. IAC Frameworks importance

ii. Mutable/Immutable Architecture.

iii. CM Tools, Ansible

IV. IAC Tool: Terraform

c. Reporting and Dashboard: Splunk

5. Myth about DevSecOps

6. Security

a. IDE Level Security: Sonar Lint

b. Open Source Compliance: White Source Bolt

c. SAST Sonar

d. OWSAP

e. IAST

f. DAST: ZAP

g. PenTest: ZAP, Kali Linux

h. VM Scanning: Rapid 7

i. Docker Image/Container/Kubernetes Pods Security: Clair