What skills you’ll learn
EC-Council’s DevSecOps certification offers a balanced combination of theoretical concepts and practical expertise. The ECDE is instructor-led, lab-focused training that leverages AI, aligning your skills with real-world job roles.
By the end of the course, you will:
- Understand DevOps culture and principles, along with the tools and technologies that facilitate the adoption of DevOps methodologies.
- Identify and overcome security challenges in DevOps by embracing a DevSecOps culture, philosophy, practices, and tools to enhance collaboration and communication between development and operations teams.
- Transform traditional security practices by embedding security into continuous delivery workflows throughout the development process.
- Understand the DevSecOps toolchain and integrate security controls into automated DevOps pipelines.
- Integrate Eclipse and GitHub with Jenkins to streamline application development and build processes.
- Align key security practices, such as requirements gathering, threat modeling, and secure code reviews, with development workflows.
- Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec.
- Integrate Jira and Confluence to effectively manage security requirements throughout the development lifecycle.
- Integrate security plugins, scanners, and software composition analysis (SCA) tools within integrated development environments (IDEs) to detect and mitigate vulnerabilities early.
- Use Jenkins to create and manage secure continuous integration and continuous deployment (CI/CD) pipelines.
- Gain expertise with various security testing tools, including:
  - Static application security testing (SAST): Snyk, SonarQube, Checkmarx
  - Dynamic application security testing (DAST): StackHawk, OWASP ZAP, Invicti
  - Interactive application security testing (IAST): CxFlow IAST, Invicti Shark
  - Software composition analysis (SCA): Debricked, Mend, OWASP Dependency-Check
- Integrate runtime application self-protection (RASP) tools like Contrast Security, Datadog, and Dynatrace to protect applications during runtime with minimal false positives and effective vulnerability remediation.
- Integrate tools like SonarLint with Eclipse, Visual Studio, and Visual Studio Code (VS Code) to enhance code quality and security within the development environment.
- Automate security testing within the CI/CD pipeline using the JFrog Security IDE Plugin, Snyk IDE Plugin, and Codacy.
- Leverage various automation tools and practices to streamline development, security, and operations across on-premises and cloud environments.
- Use automated scanning tools like Nessus, SonarQube, SonarCloud, Amazon Macie, and Probely Vulnerability Scanning to conduct continuous vulnerability scans on product builds.
- Use penetration testing tools like GitGraber, Gitleaks, and GitMiner to secure the CI/CD pipeline against vulnerabilities.
- Use AWS, Azure, and GCP DevSecOps tools for securing applications in the cloud.
- Integrate automated tools to detect and address security misconfigurations that could expose sensitive information.
- Provision and configure infrastructure using infrastructure as code (IaC) tools like Ansible, Puppet, and Chef.
- Monitor infrastructure, networks, and applications using tools and services designed for both on-premises and cloud environments.
- Implement comprehensive logging and monitoring using tools like Sumo Logic, Datadog, Splunk, the ELK stack (Elasticsearch, Logstash, and Kibana), and Nagios to audit processes from code pushes to compliance activities.
- Use automated monitoring and alerting tools, such as Splunk, Paessler Router Traffic Grapher (PRTG), and Nagios, to build real-time alerting and control systems.
- Integrate compliance as code (CaC) tools like Cloud Custodian and DevSec to meet regulatory requirements without disrupting production.
- Scan and secure infrastructure using container and image scanners (Trivy, Qualys) and infrastructure security scanners (Prisma Cloud, Checkov).
- Integrate continuous feedback mechanisms into the DevSecOps pipeline using tools like email notifications in Jenkins and Microsoft Teams.
- Integrate alerting tools like Opsgenie with log management and monitoring tools to improve operational performance and security.
- Integrate tools like Incident.io, PagerDuty, and Splunk for effective incident response within the DevSecOps pipeline.
- Implement automated backups, configure failover, conduct disaster recovery testing, automate replication, and perform rollbacks to ensure high availability, fault tolerance, and disaster recovery in both on-premises and cloud environments.
- Integrate AI in DevSecOps, exploring AI-powered tools within DevOps/DevSecOps pipelines, conducting AI-based secure code reviews, and leveraging AI-driven SAST to enhance security and automation.