LEARN
40+
TOOLS
Practical
DevSecOps
Online Training
www.infosectrain.com
�Program Highlights
InfosecTrain’s Practical DevSecOps course provides a comprehensive, hands-on
learning experience in implementing DevSecOps practices within Docker and
Kubernetes environments, specifically emphasizing Spring Boot applications. This
course blends theoretical knowledge with immersive labs and a compelling
Spring Boot application demonstration to ensure a profound understanding of
DevSecOps principles and best practices.
Tools Covered
Jenkins GitHub SonarQube OWASP ZAP
Actions
Docker Ansible kubernetes Terraform
and many
more...
OpenScap Defect Dojo SonarCloud
www.infosectrain.com
�Course Highlights
40 Hours LIVE Career Guidance and
Instructor-led Training Mentorship
Access to 40+
Recorded Sessions Open-Source Tools
Comprehensive Hands-On Practical Approach with
Projects for Each Tool Scenario-Based Learning
Cover 6+ Intermediate Integrated Learning Project
Learning Projects (ILP) after Every Topic
1 Capstone Project Simulating Real-World
DevSecOps Implementation
www.infosectrain.com
�Target Audience
DevOps Engineers
Security Engineers
Software Engineers
System Administrators
Architects and Product Managers
Developers
Testers
Cloud Architects
Cloud Infrastructure Specialists
www.infosectrain.com
�Pre-Requisites
Basic knowledge of Linux command-line usage, containerization
concepts, and general DevOps practices.
Understanding of Spring Boot application development and Jenkins
is required.
Technical background or B.E/B.Tech degree.
Course Objectives
Understand DevSecOps principles, benefits, and challenges
Familiarize with Docker and Kubernetes for container management
Implement CI/CD pipelines using Kubernetes
Perform vulnerability scanning and testing in DevSecOps
Utilize tools for identifying code and resource vulnerabilities
Secure Kubernetes networking and communication with TLS
Authenticate and authorize Kubernetes API Server, etc
Monitor Kubernetes for security
Manage secrets and sensitive data in the DevSecOps pipeline
Learn about popular secrets management tools like HashiCorp Vault
Integrate Vault with Kubernetes for secure secret injection
Explore bonus topics covering security orchestration tools
www.infosectrain.com
� Intermediate Learning
Tools Covered : 40+ Capstone Project: 1
Projects: 6
Course Content
Introduction To The Basics
What is DevOps?
What is Continuous Integration and Continuous Deployment?
DevOps vs. DevSecOps vs. Rugged DevOps
Introduction to DevSecOps and Its Benefits
Introduction To The Tools
Git/Github
GitHub Actions/Jenkins
OWASP ZAP
Ansible
Docker
K8S
Inspec
Software Component Analysis (SCA) in CI/CD Pipeline
SCA Introduction
Tools Used for SCA
Demo/Hands-On (OWASP Dependency Checker/RetireJS/Safety)
Intermediate Project- 1
www.infosectrain.com
�SAST (Static Analysis) in CI/CD Pipeline
SAST Introduction
Tools Used for SAST
Demo/Hands-On(SpotBugs,SonarQube,SonarCloud)
Intermediate Project- 2
DAST (Dynamic Analysis) in CI/CD Pipeline
DAST Introduction
Tools Used for DAST
Demo/Hands-On(OWASP ZAP)
Intermediate Project- 3
Infrastructure As Code And Its Security
IaaC Introduction
Tools Used for IaaC
Demo/Hands-On(Docker,Ansible,Terraform)
Intermediate Project- 4
Compliance/Audit/Policy As Code
Policy as a Code Introduction
Tools Used for Compliance/Audit as Code
Demo/Hands-On(Inspec/OpenScap)
Intermediate Project- 5
www.infosectrain.com
�Vulnerability Management
Vulnerability Management Introduction
Tools Used for Vulnerability Management
Demo/Hands-On(Defect Dojo)
Intermediate Project- 6
Final Capstone Project:
Integrating All the Tools in a Single CI/CD Pipeline
www.infosectrain.com
�www.infosectrain.com | [email protected]
