Teachera - DevSecOps Course Syllabus

The most comprehensive DevSecOps Course on the planet.

Welcome to the world's most comprehensive DevSecOps course. By the end of this course, you will be able to embed security as part of DevOps or in CI/CD pipelines with confidence.

We will start off with the basics of DevOps and DevSecOps and move towards advanced concepts such as secrets management and tool selection to suit your needs.

  1. Should know the basics of Linux and its commands.
  2. Basic Application Security Practices like SAST, DAST, etc.
  1. What is DevOps?
  2. DevOps Building Blocks - People, Process and Technology.
  3. DevOps Principles - Culture, Automation, Measurement and Sharing (CAMS)
  4. Important Factors - Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility.
  5. What is Continuous Integration and Continuous Deployment?
    1. Continuous Integration to Continuous Deployment to Continuous Delivery.
    2. Continuous Delivery vs Continuous Deployment.
    3. General workflow of CI/CD pipeline.
    4. Blue/Green deployment strategy
    5. Achieving full automation.
    6. Designing a CI/CD pipeline for web application.
  6. Common Challenges faced when using DevOps principles.
  7. Case studies on DevOps of cutting edge technology at Facebook, Amazon and Google
  1. GitHub/Bitbucket
  2. Vagrant
  3. Docker
  4. Terraform
  5. Ansible
  6. Jenkins/Travis
  7. Spinnaker
  8. Gauntlt
  9. AWS
  10. OpenSCAP
  11. Consul/Vault
  12. Demo: Use Vagrant to practice Infrastructure as Code
  13. Demo: Building a CI Pipeline using Jenkins/Travis and GitHub/Bitbucket.
  14. Demo: Use the above tools to create a complete CI/CD pipeline.
  1. What is Secure SDLC
  2. Secure SDLC Activities and Security Gates
    1. Security Requirements (Requirements)
    2. Threat Modelling (Design)
    3. Static Analysis and Secure by Default (Implementation)
    4. Dynamic Analysis (Testing)
    5. OS Hardening, Web/Application Hardening (Deploy)
    6. Security Monitoring/Compliance (Maintain)
  3. Using tools of the trade to do the above activities in CI/CD
  4. Embedding Security as part of CI/CD pipeline
  5. DevSecOps and challenges with Pentesting and Vulnerability Assessment.
  1. What is Cloud Computing
  2. IaaS, PaaS, SaaS
  3. Key cloud computing characteristics
  4. Cloud deployment methodologies
  5. What is AWS/GCP
  6. AWS Services and Use Cases
  7. EC2 Introduction
  8. OpenSCAP
  9. AWS CLI
  10. VPC and Security Groups.
  11. Deployment to Cloud.
    1. Deploying to Cloud vs Own Datacenter
    2. Deploying to AWS via EC2
    3. Using AWS S3 and CloudFront to enable CDN for a web application
    4. Demo: Automating AWS infrastructure via Terraform, aka Infrastructure as Code.
  12. Security
    1. AWS IAM and Security Groups.
    2. AWS Security Token Service (STS) and CloudHSM.
    3. AWS VPC and API Gateway.
    4. AWS WAF and Key Management.
    5. Compliance and Legal Issues in Cloud.
  1. What is Docker
  2. Docker vs Vagrant
  3. Basics of Docker
  4. Container Security
  5. Demo: Deploying Docker containers to AWS EC2 Container Service
  6. Demo: Set up a Docker container and push to Docker Hub
  1. Managing configurations with Ansible and Chef
  2. Deployment of Docker container at Scale
  3. Demo: Monitoring Security of the Cloud using ELK stack.
  4. Secret Management in Cloud
    1. Environment Variables and Configuration files.
    2. Docker, immutable systems and their security challenges.
    3. Secrets management with Vault and Consul.
  5. Version Control systems and Secrets.
  6. Demo: Securely store encryption keys and other secrets using Vault/Consul.
  1. What is Static Application Security Testing.
  2. Static Analysis and its challenges.
  3. Embedding SAST tools like Fortify, Checkmarx and FindBugs into the pipeline.
  4. Demo: using FindBugs to scan Java code.
  5. Demo: using Brakeman/Bandit to scan Ruby on Rails and Python code bases.
  1. What is Dynamic Application Security Testing.
  2. Dynamic Analysis and its challenges (Session Management, AJAX Crawling).
  3. Embedding DAST tools like ZAP and BurpSuite into the pipeline.
  4. Demo: using ZAP to configure per commit/weekly/monthly scans.
  1. What is Runtime Analysis Application Security Testing?
  2. RASP vs IAST.
  3. Dynamic Analysis and its challenges (Session Management, AJAX Crawling).
  4. Embedding DAST tools like ZAP and BurpSuite into the pipeline.
  5. Demo: using ZAP to configure per commit/weekly/monthly scans.
  1. What is Infrastructure as Code and its benefits
  2. Tools and services which help to achieve IaaC
  3. Demo: Vagrant, Docker, AWS and Terraform
  1. Approaches to manage the vulnerabilities in the organization.
  2. False positives and False Negatives.
  3. Culture and Vulnerability Management.
  1. Approaches for patching running applications.
  2. Approaches for patching Immutable applications.
  3. Hot swap EC2 instances using Ansible.
  4. Security Monitoring using Elasticsearch, Logstash and Kibana.
