Certified DevSecOps Engineer (ECDE)

Agenda Module 01: Understanding DevOps Culture

• Evolution of the Software Development Life Cycle
• Introduction to DevOps
• DevOps in an On-Premise Environment
• DevOps in an AWS Cloud Native Environment
• DevOps in an Azure Cloud Native Environment
• Frameworks and Maturity Model in DevOps
• Security Silos in DevOps

Module 02: Introduction to DevSecOps

• Addressing Security Bottlenecks and Challenges in
• DevOps Process
• Introduction to DevSecOps
• DevSecOps Culture
• Continuous Security in DevSecOps
• DevSecOps Pipeline
• DevSecOps Strategy
• DevSecOps Tools

Module 03: DevSecOps Pipeline-Plan Stage

• Continuous Threat Modeling in the DevSecOps Pipeline
• Integration of Threat Modeling Tools
• Managing Security Requirements in DevSecOps
• Technical Security Debts
• Pre-Commit Checks
• Secure Code Training and Awareness
• Security Tools Training

Module 04: DevSecOps Pipeline-Code Stage

• Integration of Security Plugins in IDEs
• Configuring and Managing Code Scanning for GitHub Repository
• Integration and Scanning Source Code Repository
• Integration of Secret Management Tools
• Integration of Software Composition Analysis (SCA) Tools

Module 05: DevSecOps Pipeline-Build ans Test Stage

• Integration of SAST Tool
• Integration of SAST Tool with AWS Cloud
• Integration of SAST Tool with Microsoft Azure
• Conducting Manual Secure Code Review
• Integration of DAST Tool
• Integration of DAST Tool with AWS
• Integration of DAST Tool with Azure
• Integration of IAST Tool
• Security Testing Framework

Module 06: DevSecOps Pipeline-Release and Deploy Stage

• Integration of RASP Tool
• Conduct Penetration Testing
• Integration of Vulnerability Scanning Tool
• Run Bug Bounty Program
• Integration of Threat Detection Tools
• Infrastructure Deployment using Infrastructure as Code (IaC)
• Infrastructure Provisioning as Code (IaC) using Terraform
• Integration of AWS CloudFormation
• Integrate Configuration Orchestration Tools: Ansible, Chef, Puppet, Azure Resource Management

Module 07: DevSecOps Pipeline-Operate and Monitor Stage

• Scanning Infrastructure as Code (IaC) for Vulnerabilities
• Scanning Infrastructure for Vulnerabilities
• Securing Containers
• Integration of Container Vulnerability Scanning Tools
• Securing Jenkins
• Integration of Compliance as Code (CaC) Tools
• Integration of Logging, Monitoring, and Alerting Tools
• Monitoring in AWS
• Monitoring in Azure
• WAF Integration
• Continuous Feedback Integration

Prüfung: Certified DevSecOps Engineer (E|CDE)-Zertifizierung

• Die E|CDE-Prüfung ist eine 4-stündige Prüfung mit 100 Multiple-Choice-Fragen.
• Prüfungsnummer: 312-97 (VUE)

Prüfungssprache:

• Bitte beachten Sie, dass die Prüfung nur auf Englisch verfügbar ist.

All-Inklusive Preis:

• Inkl. EC-Council E|CDE-Unterlage (Englisch) - Certified Ethical Hacker Courseware Kit
• Inkl. EC-Council E|CDE-Lab (Englisch) - 6 Monate kostenloser Zugriff auf CEH-v12 CyberQ (Labs) nach dem Kurs
• Inkl. EC-Council E|CDE Prüfungsvoucher für das Zertifikat EC-Council Certified DevSecOps Engineer (E|CDE)

Kurssprache:

• Deutsch

Trainer:

• Erfahrener Certified EC-Council Instructor

Voraussetzungen

Für eine optimale Teilnahme am Kurs empfehlen wir folgende Vorkenntnisse:

• Vorkenntnisse in DevOps und IT Sicherheits-Konzepten

Zielgruppe

• Fachleute / Beauftragte für Informationssicherheit
• DevOps Entwickler
• Softwareentwickler und Softwaretester
• IT-Security Professionals
• Cyber Security Entwickler und Analysten
• Alle, die eine Karriere mit DevSecOps planen