DevOps (Development and Operations)

Course Description

This course provides an in-depth understanding of DevSecOps principles and practices, focusing on embedding security into the software development lifecycle. It covers secure development, automation, testing, continuous integration, and deployment processes while emphasizing security from design to delivery.


Learning Objectives

By the end of this course, students will be able to:

  • Understand DevSecOps fundamentals, concepts, and practices.
  • Identify and mitigate common security risks in application development.
  • Implement secure coding practices and perform code reviews.
  • Automate security testing, vulnerability scanning, and compliance checks.
  • Integrate security into CI/CD pipelines and DevOps workflows.
  • Develop and deploy secure applications with infrastructure as code.
  • Monitor, detect, and respond to security incidents in a DevOps environment.

Course Outline

Module 1: Introduction to DevSecOps

  • History and Evolution of DevOps and DevSecOps
  • Key DevSecOps Principles and Practices
  • Differences Between DevOps, SecOps, and DevSecOps
  • DevSecOps and Agile Methodologies

Module 2: Secure Development Lifecycle (SDLC)

  • Overview of SDLC Phases and Security Considerations
  • Secure Coding Practices
  • Threat Modeling
  • Code Review and Static Application Security Testing (SAST)

Module 3: Application Security Fundamentals

  • Common Vulnerabilities and Security Risks (OWASP Top Ten)
  • Secure Coding Standards and Best Practices
  • Vulnerability Assessment and Management

Module 4: Security Automation in CI/CD Pipelines

  • Designing a CI/CD Pipeline with Security in Mind
  • Automated Security Testing Tools (SAST, DAST, SCA)
  • Integrating Security Checks in CI/CD Pipelines
  • Infrastructure as Code (IaC) Security

Module 5: Container Security

  • Basics of Containers and Orchestration (e.g., Docker, Kubernetes)
  • Container Security Best Practices
  • Vulnerability Scanning and Image Hardening
  • Kubernetes Security and Policies

Module 6: Monitoring, Logging, and Incident Response

  • Monitoring and Logging for Security Events
  • Real-Time Security Monitoring Tools
  • Incident Response and Forensics in a DevOps Environment
  • Security Information and Event Management (SIEM) Integration

Module 7: Compliance and Governance in DevSecOps

  • Overview of Compliance Requirements (e.g., GDPR, HIPAA)
  • Ensuring Compliance in Automated Pipelines
  • Policy-as-Code and Governance Automation
  • Managing Secrets and Access Controls

Module 8: Final Project and Case Studies

  • Review and Analysis of DevSecOps Case Studies
  • Capstone Project: Implementing a DevSecOps Pipeline
  • Peer Review and Code Review Exercises
  • Presentation and Documentation of Capstone Project