DevOps

DevSecOps

About this course

Course Outline

Module 1: Introduction to DevSecOps

Task: Introduction to DevSecOps:

Definition of DevSecOps
How it differs from DevOps
Real-world examples of security failures
DevSecOps principles and benefits

Outcomes:

Clear understanding of what DevSecOps is and why it’s important

Module 2: SDLC, Threats & Attack Vectors

Task: Threat Modeling Basics:

Overview of SDLC stages
Introduction to security touchpoints in SDLC
Understanding common attack vectors
Basic intro to STRIDE model

Outcomes:

Ability to identify threats across SDLC stages

Module 3: OWASP Top 10 – Part 1

Task: OWASP Top 10 (Part 1):

Cover top 5: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control — with examples

Outcomes:

Familiarity with most critical web application risks

Module 4: Secure Code Practices

Task: Secure Coding Guidelines:

Understanding secure coding principles: input validation, encoding, error handling, password management, basic intro to SAST

Outcomes:

Knowledge of how to write more secure code

Module 5: Static Code Scanning (SonarQube)

Topic: Run SonarQube Scan:

Install SonarQube using Docker
Scan a JavaScript or Java project
Review bugs
Vulnerabilities
Code smells

Outcomes:

Able to analyze code using SonarQube

Tools:

SonarQube
Docker

Module 6: Introduction to CodeQL

Topic: Run CodeQL:

Install CodeQL CLI
Use GitHub CodeQL repo
Run analysis
View and understand query results
Explore query customization

Outcomes:

Understand how to use CodeQL for deep code analysis

Tools:

CodeQL

Module 7: CI/CD Pipeline Overview

Topic: CI/CD Basics:

Understand CI/CD stages
Tools overview (GitHub Actions, GitLab)
Explain where security tools can be integrated
Pipeline visualization

Outcomes:

Know CI/CD stages and security injection points

Tools:

GitHub Actions

Module 8: Secure CI with SonarQube/Snyk

Topic: CI with Security Scans:

Integrate SonarQube or Snyk in a pipeline
Trigger automatic scans on pull request
See scan reports and logs

Outcomes:

Hands-on security in CI pipelines

Tools:

SonarQube
Snyk

$ 150

Start Your Enrollment

}

Duration

30hrs



Module



Need Help?
Get instant support from our team



Chat on WhatsApp

$ 150

Enroll Now

}



Module



DevOps

DevSecOps

About this course

Course Outline

Module 1: Introduction to DevSecOps

Task: Introduction to DevSecOps:

Outcomes:

Module 2: SDLC, Threats & Attack Vectors

Task: Threat Modeling Basics:

Outcomes:

Module 3: OWASP Top 10 – Part 1

Task: OWASP Top 10 (Part 1):

Outcomes:

Module 4: Secure Code Practices

Task: Secure Coding Guidelines:

Outcomes:

Module 5: Static Code Scanning (SonarQube)

Topic: Run SonarQube Scan:

Outcomes:

Tools:

Module 6: Introduction to CodeQL

Topic: Run CodeQL:

Outcomes:

Tools:

Module 7: CI/CD Pipeline Overview

Topic: CI/CD Basics:

Outcomes:

Tools:

Module 8: Secure CI with SonarQube/Snyk

Topic: CI with Security Scans:

Outcomes:

Tools:

Programs

Company

Support

DevSecOps Enrollment Form

DevOps

DevSecOps

About this course

Course Outline

Module 1: Introduction to DevSecOps

Task: Introduction to DevSecOps:

Outcomes:

Module 2: SDLC, Threats & Attack Vectors

Task: Threat Modeling Basics:

Outcomes:

Module 3: OWASP Top 10 – Part 1

Task: OWASP Top 10 (Part 1):

Outcomes:

Module 4: Secure Code Practices

Task: Secure Coding Guidelines:

Outcomes:

Module 5: Static Code Scanning (SonarQube)

Topic: Run SonarQube Scan:

Outcomes:

Tools:

Module 6: Introduction to CodeQL

Topic: Run CodeQL:

Outcomes:

Tools:

Module 7: CI/CD Pipeline Overview

Topic: CI/CD Basics:

Outcomes:

Tools:

Module 8: Secure CI with SonarQube/Snyk

Topic: CI with Security Scans:

Outcomes:

Tools: