> Checkpoint Certification > CCPA DevSecOps - Certification
Course Description
As part of this workshop attendees will receive a state-of-the-art DevSecOps tool-chest comprising of various open-source tools and scripts to help the DevOps engineers in automating security within the CI/CD pipeline. While the workshop uses Java/J2EE framework, the workshop is language agnostic and similar tools can be used against other application development frameworks
Course Details
Learn How To
- Gain practical experience with tools that will serve you in the future, Learn core infrastructure techniques, Go forward into more advanced infrastructure topics
Prerequisites
- Our workshop will be delivered as an interactive session, so the attendees only need to carry a laptop with them. We also encourage the attendees to download and try the tools and techniques discussed during the workshop as the instructor is demonstrating it
Course Details
1. Introduction To Devops
- What is DevOps?
- Creating a DevOps pipeline
2. Introduction to Devsecops
- Security challenges in DevOps
- Threat modelling for DevOps
- DevSecOps – why you need it, how you use it, and what it is
- Vulnerability management
3. Continuous Integration
- Pre-commit hooks
- Introduction to Talisman
- Running Talisman
- Create your own regexes for Talisman
- Secrets management
- Introduction to HashiCorp Vault
- Vault commands
4. Continuous Delivery
- Software Composition Analysis (SCA)
- Introduction to OWASP Dependency-Check
- Run OWASP Dependency-Check pipeline
- Fix issues reported by Dependency-Check
- Static Analysis Security Testing (SAST)
- Introduction to Semgrep
- Run Semgrep pipeline
- Create your own Semgrep rules
- Fix issues reported by Semgrep
- Dynamic Analysis Security Testing (DAST)
- Introduction to OWASP ZAP
- Creating OWASP ZAP Context File
- Run OWASP ZAP in pipeline
5. Infrastructure as Code
- Vulnerability Assessment (VA)
- Introduction to OpenVAS
- Run OpenVAS pipeline
- Container Security (CS)
- Introduction to Trivy
- Run Trivy in Pipeline
- Improvise Docker base image
- Compliance as Code (CaC)
- Introduction to Chef Inspec
- Run Chef Inspec in pipeline
- Improvise with Docker compliancy controls
6. Continuous Monitoring
- Logging – why to do it, how, and what logs to collect.
- Introduction to the ELK Stack
- View Logs in Kibana
- Alerting – how to create alerts that help you prioritize
- Introduction to ElastAlert and ModSecurity
- View alerts in Kibana
- Monitoring – how to track and learn from malicious activity
- Create Attack Dashboards in Kibana
7. Devsecops in Aws
- What does DevOps on Cloud Native AWS look like?
- AWS threat landscape
- Shifting to DevSecOps in Cloud Native AWS
8. Devsecops Challenges and Enablers
- Challenges with DevSecOps
- How to build a DevSecOps culture
- Security champions – how to create DevSecOps advocates across your team
- Case study: how organizations use automation to implement development security best practice
- Where to begin
- DevSecOps maturity model
| Fees Structure : | 22500 INR / 270 USD |
| Total No of Class : | 58 Video Class |
| Class Duration : | 38:30 Working Hours |
| Download Feature : | Download Avalable |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
| Fees Structure : | 30500 INR / 365 USD |
| Class Duration : | 60 Days |
| Class Recording : | Live Class Recording available |
| Class Time : | Monday to Firday 1.5 hours per day / Weekend 3 Hours per day |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
