Devsecops Essentials For The Absolute Beginners - Hands On

DevSecOps Basics & Fundamentals in Depth | Grow from Beginner to Advanced | Learn SAST, SCA, IAC, Container & DAST

What you'll learn

Learn DevSecOps Fundamentals

Learn SAST, SCA, IAC, Container Security, IAC Security Basics

Learn SAST scan using Fortify On Demand

Learn IDE Security Plugins like SonarLint and Snyk

Learn Container Security scan using Snyk

Learn to implement an End to End DevSecOps pipeline using Jenkins

Learn Basics of DevSecOps and Application Security

Learn Intermediate to Advanced level processes in DevSecOps

Learn to create your CV for Security/DevSecOps Jobs

Learn about DevSecOps Maturity Model

Learn SCA scan using Snyk

Learn IAC Security Scan using Checkov from BridgeCrew

Learn to run SAST scan using SonarQube with and without CI/CD pipeline

Learn about Roles and Responsibilities of a DevSecOps Engineer

Learn SBOM and SCA

Requirements

No Programming Knowledge Needed. We will teach about Security and DevSecOps from Scratch

Description

Course Updates:v 1.0 - Feb 2023Updated course with lectures and notes on IAC Security scan using BridgeCrew––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––Who shall take this course?This DevSecOps course is designed for Security Engineers, DevOps Engineers, SRE, QA Professionals and Freshers looking to find a job in the field of security. This is a focused DevSecOps course with a special focus on all the basic to advanced level DevSecOps information that is needed to find a job in Security domain and work in an organization. This course also teaches to implement an End to End DevSecOps pipeline for a Java Project.Learn and implement security in DevOps pipeline, get Hands On experience in using Security tools & technologies. This course is for:DevelopersDevOpsSecurity EngineersAspiring professional in the Security domainQuality Assurance EngineersInfoSec/AppSec Professional DevSecOps being the hot skill, will help you to secure a high-salaried job and stay informed on the latest market trends. ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––Why purchase this course?This is only practical hands-on course available on the internet till now.DevSecOps enables rapid application development with agility, at the same time it secures your application with automated security checks integrated within the pipeline. It helps to increase productivity and security by integrating security stages in the pipeline.Also, we have included practical examples to implement security in the DevOps pipeline through various tools.By the end of the course, you will be able to successfully implement DevOps or DevSecOps pipeline and lead initiatives to create, build and maintain security pipelines in your project.No Action required before taking this course. For any question or concerns, Please post your comments on discussions tabDisclaimer: English subtitles are auto-generated so please ignore any grammar mistakes

Overview

Section 1: Introduction

Lecture 1 Introduction and Agenda

Lecture 2 What is DevSecOps and How its different from DevOps?

Section 2: Basic Level Security Concepts for DevSecOps Engineers

Lecture 3 Role and Responsibilities of DevSecOps Engineers in Enterprise Environment

Lecture 4 Static Application Security Testing and its tools

Lecture 5 Hands On: SAST scan using Fortify On Demand

Lecture 6 SBOM or Software Bill of Material (Also called SCA) and its tools

Lecture 7 Hands On: SCA scan using Snyk

Lecture 8 Dynamic Application Security Testing and its tools

Lecture 9 Hands On: DAST scan using Hosted OWASP ZAP

Lecture 10 Container Security Basics and its tools

Lecture 11 Hands On: Container Security scan using Snyk

Lecture 12 Infrastructure As Code Basics and its tools

Lecture 13 Hands On: IAC Security Scanning Demo using Checkov

Lecture 14 Hands On: IAC Security Scanning Demo using BridgeCrew

Lecture 15 What is CWE & CVE & CVSS?

Lecture 16 What is False Positive Analysis?

Lecture 17 Hands On: FPA Demo

Lecture 18 Hands On: Report security vulnerabilities in Ticketing tool like JIRA

Lecture 19 Hands On: Integrate JIRA with SonarCloud to create tickets with one-click

Section 3: Intermediate Level Concepts for DevSecOps Engineers

Lecture 20 What is DevSecOps Maturity Model?

Lecture 21 Basics of Docker Explained

Lecture 22 Hands On: SAST scan using SonarQube as a Docker image

Lecture 23 Basics of Git and GitHub Explained

Lecture 24 Hands On: Git Installation on local system

Lecture 25 Hands On: Learn Git Basics

Lecture 26 Git Commands for reference

Lecture 27 Basics of IDE plugins

Lecture 28 Hands On: Demo of IDE Plugins - SonarLint and Snyk IDE Plugins

Section 4: Advanced Level Concepts - End to End DevSecOps Pipeline with all tools learned

Lecture 29 Basics of CI/CD and its tools

Lecture 30 Hands On: Most Popular CI/CD Tool Demo - Jenkins Setup

Lecture 31 Hands On: Implement an End to End DevSecOps Pipeline using Jenkins on Windows

Section 5: Next Steps

Lecture 32 Hands On: Find Jobs on Job Hunting Platform

Lecture 33 Create CV for DevSecOps Engineer

Lecture 34 Bonus Lecture

This course is for Freshers, Security Engineers, Senior Security Engineers, DevSecOps Engineers, QA Engineers, DevOps Engineers and Security Architects