EC-Council Certified DevSecOps Engineer (ECDE)

 

Course Overview

EC-Council Certified DevSecOps Engineer (ECDE) is a hands-on, instructor-led comprehensive DevSecOps certification program which helps professionals to build essential knowledge and abilities in designing, developing, maintaining a secure applications and infrastructure.

  • This course is blended with both theoretical knowledge as well as the practical implementation of DevSecOps in your on-prem and cloud-native (AWS and Azure) environment
  • The course covers integration and automation of all the major and widely used tools, processes, and methodologies of DevSecOps that help organizations to build secure applications rapidly in a DevOps environment

Who should attend

  • C|ASE-certified professionals
  • Application security professionals
  • DevOps engineers
  • Software engineers and testers
  • IT security professionals
  • Cybersecurity engineers and analysts
  • Anyone with prior knowledge of application security who wants to build their career in DevSecOps

Prerequisites

Students should have an understanding of application security concepts.

Course Objectives

  • Understand the DevOps culture and principles and learn about the exhaustive list of tools and technologies that enable adopting DevOps methodologies.
  • Understand the security bottlenecks while implementing DevOps and learn the DevSecOps culture, philosophy, practices, and tools to enhance collaboration and communication across the development and operations teams.
  • Transform the organization’s security practices from the traditional approach by integrating security into Continuous Delivery workflows.
  • Understand the DevSecOps toolchain and include security controls in the DevOps automated pipeline.
  • Learn to Integrate Eclipse, Github with Jenkins to Build Applications
  • Align various security practices like security requirement gathering, threat modelling, secure code reviews etc., with the development workflow.
  • Learn to integrate threat modelling tools like Threat Dragon, Threat Modeler and Threatspec.
  • Integrate Jira and Confluence to manage security requirements
  • Learn integration of security plugins, scanners, Software composition analysis (SCA) tools with IDE to detect and mitigate vulnerability during development and Shift-Left security approach from prevention to identification.
  • Learn to use Jenkins in creating a secure CI/CD pipeline.
  • Integrate runtime application selfprotection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.
  • Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.
  • Implement tools like the JFrog IDE plugin and the Codacy platform.
  • Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.
  • Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.
  • Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.
  • Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines.
  • Use AWS and Azure tools to secure applications.
  • Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.
  • Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.
  • Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.
  • Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.
  • Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.
  • Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).
  • Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.
  • Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.

Outline: EC-Council Certified DevSecOps Engineer (ECDE)

  • Module 01: Understanding DevOps Culture
  • Module 02: Introduction to DevSecOps
  • Module 03: DevSecOps Pipeline-Plan Stage
  • Module 04: DevSecOps Pipeline-Code Stage
  • Module 05: DevSecOps Pipeline-Build and Test Stage
  • Module 06: DevSecOps Pipeline-Release and Deploy Stage
  • Module 07: DevSecOps Pipeline-Operate and Monitor Stage

Prices & Delivery methods

Online Training

Duration
3 days

Price
  • Online Training: CAD 2,375
  • Online Training: US $ 1,799
Classroom Training

Duration
3 days

Price
  • Canada: CAD 2,375

Schedule

Currently there are no training dates scheduled for this course.