Recommended Path: DevSecOps
Our DevSecOps Path is designed for employees who are responsible for integrating security into the software development lifecycle, including Engineers, Release Managers, Infrastructure Engineers, and other similar roles. After completing our learning paths, DevSecOps Learners will be able to expertly identify and mitigate vulnerabilities and security threats throughout the application development lifecycle.
The DevSecOps training content is organized into three progressive levels:
-
DevSecOps Foundational: Covers foundational application security principles for DevSecOps engineers.
-
DevSecOps Intermediate: In-depth exploration of threat modeling, common security threats, security controls, and testing tools.
-
DevSecOps Advanced: Learners choose their language/technology/framework to move into more advanced topics with an opportunity to learn how to break and fix code in a real application environment:
-
Terraform
-
IaC
-
Docker Kubernetes
-
DevSecOps
-
Foundational: DevSecOps
Video Only | Total Learning Path Duration: 4 hours and 11 minutes
Introduction to Security Journey
Privacy and Customer Data Protection
Six Foundational Truths of Application Security
Intermediate: DevSecOps
Video and Hands-on | Total Learning Path Duration: 5 hours 1 minute
AppSec in an Agile World | Part 1
AppSec in an Agile World | Part 2
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) (HackEDU)
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) (HackEDU)
Advanced: DevSecOps
Video and Hands-on | Total Learning Path Duration: 5 hours 33 minutes
Designing a Secure App or Product
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Securing the Development Environment
Protecting your Code Repository
DevSecOps: DevOps Security Myths
DevSecOps Maturity Model Overview
DevSecOps Maturity Model Build - Deployment
DevSecOps Maturity Model - Culture - Organization
Security Unit Testing (HackEDU)
DevSecOps Maturity Model Implementation - Information Gathering Part 1
Dependency Managment (HackEDU)
DevSecOps Maturity Model Implementation - Information Gathering Part 2
Continuous Monitoring (HackEdu)
DevSecOps Reference Architecture
Advanced: Docker/Kubernetes (DevSecOps)
Video and Hands-on | Total Learning Path Duration: 5 hours 20 minutes
Docker: Intro to Docker Security
Dockerfile Introduction (HackEDU)
Docker: Threat Landscape Part One
Docker: Threat Landscape Part Two
Docker Secret Handling (HackEDU)
Docker: Secure Software Supply Chain Part One
Docker: Secure Software Supply Chain Part Two
Docker: Best Practices - Engines
Docker Container Hardening (HackEDU)
Docker: Best Practices - Images
Docker Image Scanning (HackEDU)
Kubernetes: Introduction to Security
Kubernetes: Pod Security Policy
Kubernetes Static Analyzer (HackEDU)
Kubernetes: Role Based Access Control (RBAC)
Kubernetes: Best Practices, Part One
Kubernetes: Best Practices, Part Two
Kubernetes: Best Practices, Part Three
Advanced: Infrastructure as Code (DevSecOps)
Video Only | Total Learning Path Duration: 4 hours 58 minutes
Designing a Secure App or Product
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Producing Clean, Maintainable, and Secure Code
Secure Coding Best Practices: Part 1
Secure Coding Best Practices: Part 2
Securing the Development Environment
Protecting your Code Repository
Introduction to Infrastructure as Code
Infrastructure as Code (HackEDU)
IaC Security Best Practices | Part 1
IaC Security Best Practices | Part 2
Advanced: Terraform (DevSecOps)
Video and Hands-on | Total Learning Path Duration: 5 hours 7 minutes
Designing a Secure App or Product
Secure Design Principles in Action: Part 1
Secure Design Principles in Action: Part 2
Securing the Development Environment
Protecting your Code Repository
Introduction to Infrastructure as Code
IaC Security Best Practices | Part 1
IaC Security Best Practices | Part 2
Infrastructure as Code (HackEDU)
Introduction to Terraform Security
Leveraging Terraform Tools for Security