Scribd Logo
Upload

Welcome to Scribd!

  • 2 views

    Devsecops - Contents

    Uploaded by

    m.d.may6

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Devsecops - Contents

    Uploaded by

    m.d.may6
    2 views8 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    2 views8 pages

    Devsecops - Contents

    Uploaded by

    m.d.may6

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 8

    

    
    

    www.infosectrain.com | sales@infosectrain.com
    Overview

    COURSE HIGHLIGHTS

    40 Hours of Learn with Post Training


    Instructor-led Practical Approach Support
    Training

    Access to Free Career


    Recorded Sessions Guidance

    COURSE OVERVIEW
    DevSecOps: Practical Approach training course from InfosecTrain has been
    meticulously crafted to equip participants with an extensive comprehension and
    hands-on expertise in the seamless implementation of DevSecOps practices within the
    context of a Docker and Kubernetes environment, with specific emphasis on Spring
    Boot applications.

    Throughout this comprehensive training course, participants will delve into the optimal
    utilization of Docker and Kubernetes to establish streamlined DevOps workflows,
    skillfully integrating security measures at every stage of the software development
    lifecycle. The course curriculum thoughtfully merges theoretical concepts with
    immersive, hands-on labs and a compelling Spring Boot application demonstration,
    ensuring participants garner a profound understanding of the fundamental principles
    and best practices of DevSecOps.

    www.infosectrain.com | sales@infosectrain.com 02
    Why DevSecOps- Practical Approach Course with InfosecTrain?
    InfosecTrain is a leading IT security training and consulting organization offering
    best-in-class yet cost-effective, customized training programs to enterprises and
    individuals across the globe. We offer role-specific certification training programs and
    prepare professionals for the future. Our DevSecOps: Practical Approach training
    course will equip you with comprehensive skills in implementing DevSecOps practices
    within a Docker and Kubernetes environment, specifically emphasizing Spring Boot
    applications.

    Here’s what you get when you choose InfosecTrain as your learning partner:

    • Flexible Schedule: Training sessions to match your schedule and accommodate


    your needs.
    • Post Training Support with No Expiry Date: Ongoing assistance and support until
    the learners achieve their certification goals.
    • Recorded Sessions: Access to LMS or recorded sessions for post-training reference.
    • Customized Training: A training program that caters to your specific learning
    needs.
    • Knowledge Sharing Community: Collaborative group discussions to facilitate
    knowledge sharing and learning.
    • Certificate: Each candidate receives a certificate of participation as a testament to
    their accomplishment.
    • Expert Career Guidance: Free Career Guidance and support from industry experts.

    TARGET AUDIENCE
    • DevOps Engineers
    • Security Engineers
    • Software Engineers
    • System Administrators
    • Architects and Product Managers

    PRE-REQUISITE
    • Basic knowledge of Linux command-line usage, containerization concepts,
    and general DevOps practices.
    • Understanding of Spring Boot application development and Jenkins is required.

    www.infosectrain.com | sales@infosectrain.com 03
    COURSE OBJECTIVES
    • Understand DevSecOps principles, benefits, and challenges
    • Familiarize with Docker and Kubernetes for container management
    • Deploy Spring Boot applications on Kubernetes
    • Implement CI/CD pipelines using Jenkins and Kubernetes
    • Perform vulnerability scanning and testing in DevSecOps
    • Utilize tools for identifying code and resource vulnerabilities
    • Secure Kubernetes networking and communication with TLS
    • Authenticate and authorize Kubernetes API Server, etc
    • Monitor Kubernetes for security
    • Manage secrets and sensitive data in the DevSecOps pipeline
    • Learn about popular secrets management tools like HashiCorp Vault
    • Integrate Vault with Kubernetes for secure secret injection
    • Explore bonus topics covering security orchestration tools

    www.infosectrain.com | sales@infosectrain.com 04
    COURSE CONTENT

    • Introduction to DevSecOps, Containers (Docker), and Orchestration

    (K8S) Fundamentals and Security Concepts

    • Building and Managing Spring Boot Applications on Kubernetes

    • Vulnerability Scanning and Testing in DevSecOps

    • Kubernetes Network and Operation Security

    • Manage Secrets and Protect Sensitive Data in DevSecOps Pipeline

    • Bonus Topic: Hands-on with Security Orchestration Tools

    www.infosectrain.com | sales@infosectrain.com 05
    Introduction to DevSecOps, Containers (Docker), and Orchestration
    (K8S) Fundamentals and Security Concepts
    • Introduction to DevSecOps: Principles, Benefits, and Challenges
    • Overview of Docker and Container Orchestration (K8S)
    • Setting up the Development Environment: Kubernetes Cluster Setup
    • Deploying Spring Boot Applications on Kubernetes
    • Basic Kubernetes Operations and Concepts

    Building and Managing Spring Boot Applications on Kubernetes

    • Containerizing Spring Boot Applications: Dockerizing and Publishing to


    Container Registry
    • Working with Kubernetes Objects: Pods, Deployments, Services, ConfigMaps,
    and Secrets
    • Continuous Integration and Continuous Deployment (CI/CD) Pipelines with
    Kubernetes and Jenkins
    • Best Practices for Building and Managing Spring Boot Applications on
    Kubernetes

    Vulnerability Scanning and Testing in DevSecOps

    • Git Hooks and Talisman HandsOn


    • Identifying Vulnerabilities in Dependencies, Dockerfiles, Images, and Kubernetes
    Resources
    • Unit Testing and Mutation Testing for Code Quality
    • Static Application Security Testing (SAST) - SonarQube
    • SCA - Dependency Check
    • Dynamic Application Security Testing (DAST) - Owasp ZAP
    • GitLeaks, GitSceret
    • Kubesec
    • Trivy - Kubernetes
    • Integration Testing and Security Considerations
    • OWASP ZAP - Jenkins Integration
    • Issue / Bug Triaging

    www.infosectrain.com | sales@infosectrain.com 06
    Kubernetes Network and Operation Security

    • Kubernetes Networking Basics: Services, Ingress, and Load Balancing


    • Network Policies for Isolating and Controlling Traffic
    • Implementing Secure Communication with TLS Certificates
    • Protecting Kubernetes API Server, etc.: Authentication and Authorization
    • CIS Benchmarking and Kube-bench
    • K8S Monitoring
    • Prometheus & Grafana, Falco, slack
    • Kubescan
    • CSPM tool (Optix, Aquasec, Checkpoint)

    Manage Secrets and Protect Sensitive Data in DevSecOps Pipeline

    • Understanding the Importance of Secret Management


    • Introduction to Secure Key Management and Encryption
    • Overview of Popular Secrets Management Tools (e.g., HashiCorp Vault, AWS
    Secrets Manager, Azure Key Vault)
    • Hands-on HashiCorp Vault, Including Secrets Engine, Authentication, and
    Authorization
    • Integrating Vault with K8S
    • Secret Injection into Kubernetes Pods

    Bonus Topic: Hands-on with Security Orchestration Tools

    • DefectDojo
    • Archery
    • Kubernetes-goat

    www.infosectrain.com | sales@infosectrain.com 07
    COURSE BENEFITS
    $130,250

    $130,000
    $120,250

    $110,000
    $100,000

    $95,000

    $87,000

    DevSecOps Cloud DevSecOps DevSecOps DevSecOps DevSecOps DevSecOps DevSecOps CI/


    Engineer/ Engineer System System Consultant Specialist CD Engineer
    Senior DevSecOps Administrator Engineer
    Engineer

    HIRING COMPANIES

    Source: Indeed, Glassdoor

    www.infosectrain.com | sales@infosectrain.com 08

    You might also like