Course Overview
EC-Council’s Certified DevSecOps Engineer (E|CDE) v2 is a lab-intensive, practical course that incorporates the use of AI in DevSecOps and equips professionals with relevant skills to design, develop, and maintain secure applications and infrastructure. It covers both application and infrastructure in on-premises and the top 3 cloud-native platforms—AWS, Azure, and GCP.
Who should attend
- C|ASE-certified professionals
- Application security professionals
- DevOps engineers
- Software engineers and testers
- IT security professionals
- Cybersecurity engineers and analysts
- Anyone with prior knowledge of application security who wants to build their career in DevSecOps
Prerequisites
Students should have an understanding of application security concepts.
Course Objectives
- Learn to integrate Eclipse and GitHub with Jenkins to streamline application development and build processes
- Learn to integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec
- Integrate Jira and Confluence to effectively manage security requirements throughout the development lifecycle
- Learn to integrate security plugins, scanners, and software composition analysis (SCA) tools within IDEs to detect and mitigate vulnerabilities early in development, following a Shift-Left security approach
- Use Jenkins to create and manage secure CI/CD pipelines
- Gain expertise in using various SAST (Snyk, SonarQube, and Checkmarx), DAST (Stackhawk, OWASP ZAP, and Invicti), IAST (CxFlow IAST and Invicti Shark), and SCA (Debricked, Mend, and OWASP Dependency-Check) tools for comprehensive security testing
- Integrate RASP tools like Contrast Security, Datadog, and Dynatrace to protect applications during runtime with minimal false positives and effective vulnerability remediation
- Learn to integrate tools like SonarLint with Eclipse, Visual Studio, and VS Code to enhance code quality and security within the development environment
- Implement tools such as JFrog Security IDE Plugin, Snyk ID, and Codacy to automate security testing within the CI/CD pipeline
- Conduct continuous vulnerability scans on product builds using automated scanning tools like Nessus, SonarQube, SonarCloud, Amazon Macie, and Probely Vulnerability Scanning
- Use penetration testing tools like GitGraber, Gitleaks, and GitMiner to secure the CI/CD pipeline against vulnerabilities
- Provision and configure infrastructure using infrastructure as code (IaC) tools like Ansible, Puppet, and Chef
- Implement comprehensive logging and monitoring using tools like Sumo Logic, Datadog, Splunk, ELK, and Nagios to audit everything from code pushes to compliance activities
- Use automated monitoring and alerting tools such as Splunk, Paessler PRTG, and Nagios to build real-time alerting and control systems
- Integrate Compliance as Code (CaC) tools like Cloud Custodian and DevSec to meet regulatory requirements without disrupting production
- Learn to scan and secure infrastructure using container and image scanners (Trivy, Qualys) and infrastructure security scanners (Prisma Cloud, Checkov)
- Integrate continuous feedback mechanisms into the DevSecOps pipeline using tools like email notifications in Jenkins and Microsoft Teams
- Integrate alerting tools like OpsGenie with log management and monitoring tools to improve operational performance and security
- Integrate tools like Incident.io, PagerDuty, and Splunk for effective incident response within the DevSecOps pipeline
Outline: EC-Council Certified DevSecOps Engineer (ECDE)
- Module 01: Understanding DevOps Culture
- Module 02: Introduction to DevSecOps
- Module 03: DevSecOps Pipeline-Plan Stage
- Module 04: DevSecOps Pipeline-Code Stage
- Module 05: DevSecOps Pipeline-Build and Test Stage
- Module 06: DevSecOps Pipeline-Release and Deploy Stage
- Module 07: DevSecOps Pipeline-Operate and Monitor Stage