Detailed Course Outline
- Introduction and overview of DevOps
- What and Why of DevSecOps?
- Integrating Security in CI/CD
- Vulnerability Management using Archerysec
- Secret Management using Vault, Jenkins and Docker Secrets
- Security in Developer Workstations: Pre-Commit Hooks using Talisman
- Software Composition Analysis using Dependency-Checker
- SAST - Static Application Security Testing using FindSecBugs
- DAST - Dynamic Application Security Testing using ZAP and OpenVAS
- Compliance as Code using Inspec
- Security in Infrastructure as a Code using Clair
- Production Real-Time Alerting and Monitoring using Modsecurity WAF
- DevSecOps in AWS
- Challenges in DevSecOps
- DevSecOps Enablers