COURSE

DevSecOps Fundamentals

Do you have basic knowledge of security controls, but want to learn more about threat modeling and integrating security into DevSecOps? Our DevSecOps course will help you to incorporate security features in all parts of the development process, as well as navigate security challenges in custom software and web applications.
Full access included with Insider Pro and Teams

Time: 4 H 40 M

Experience Level: beginner

CEUs: 5. Earn qualifying credits for certification renewal with completion certificates provided for submission.

Learners at 96% of Fortune 1000 companies trust Cybrary

Course Outline

  • Securing the Development Cycle: 0 H 29 Min
  • What are we Defending?: 0 H 26 Min
  • Pipeline: Planning and Awareness: 0 H 49 Min
  • Pipeline: Development: 0 H 42 Min
  • Pipeline: Delivery: 0 H 55 Min
  • Pipeline: Deployment: 0 H 43 Min
  • Pipeline: Operation and Monitor: 0 H 29 Min
  • Conclusion: 0 H 7 Min

  • Module 7 Introduction (Free, 4m)
  • Module 6 Introduction (Free, 4m)
  • Module 5 Introduction (Free, 5m)
  • Module 4 Introduction (Free, 3m)
  • Module 2 Introduction (Free, 3m)
  • Conclusion (Free, 7m)
  • RASP and SCA (Free, 4m)
  • Continuous Development (Free, 5m)
  • Pipeline Orchestration (Free, 7m)
  • Dynamic App Security Test (DAST) (Free, 11m)
  • Jenkins Demo: DevOps (Free, 10m)
  • What is the Problem? (Free, 8m)
  • Static vs. Dynamic Analysis (Free, 6m)
  • RASP Demo (Free, 7m)
  • Infrastructure as Code (IaC) (Free, 8m)
  • Static App Security Test (SAST) (Free, 8m)
  • Logic Flaws, Automation, Defect Tracking (Free, 7m)
  • DevSecOps Metrics (Free, 4m)
  • Integrate Security Into DevOps (Free, 10m)
  • Security in the Stack (Free, 10m)
  • Operation Maturity (Free, 4m)
  • Jenkins Demo: IaC (Free, 8m)
  • Jenkins Demo: DAST (Free, 10m)
  • Security for Developers (Free, 5m)
  • Jenkins Overview (Free, 5m)
  • Module 1 Summary (Free, 2m)
  • Interactive App Security Test (IAST) (Free, 6m)
  • Deployment Maturity (Free, 8m)
  • Jenkins Demo: SAST/SCA (Free, 9m)
  • SpotBugs Demo (Free, 8m)
  • Module 2 Summary (Free, 2m)
  • Continuous Monitoring (Free, 7m)
  • Kubernetes (Free, 7m)
  • Contrast IAST Demo (Free, 11m)
  • OWASP DevSecOps Security Model (Free, 7m)
  • DevOps for Security Staff (Free, 5m)
  • Module 7 Summary (Free, 2m)
  • Module 6 Summary (Free, 2m)
  • Delivery Maturity (Free, 4m)
  • Module 4 Summary (Free, 2m)
  • Threat Modeling (Free, 9m)
  • Module 5 Summary (Free, 2m)
  • Module 3 Summary (Free, 2m)

  • Module 7 Introduction (4m) [Pipeline: Operation and Monitor]
  • Module 6 Introduction (4m) [Pipeline: Deployment]
  • Module 5 Introduction (5m) [Pipeline: Delivery]
  • Module 4 Introduction (3m) [Pipeline: Development]
  • Module 2 Introduction (3m) [What are we Defending?]
  • Conclusion (7m) [Conclusion]
  • RASP and SCA (4m) [Pipeline: Operation and Monitor]
  • Continuous Development (5m) [Pipeline: Deployment]
  • Pipeline Orchestration (7m) [Pipeline: Development]
  • Jenkins Demo: DevOps (10m) [Pipeline: Planning and Awareness]
  • What is the Problem? (8m) [Securing the Development Cycle]
  • Static vs. Dynamic Analysis (6m) [What are we Defending?]
  • RASP Demo (7m) [Pipeline: Operation and Monitor]
  • Infrastructure as Code (IaC) (8m) [Pipeline: Deployment]
  • DevSecOps Metrics (4m) [Pipeline: Planning and Awareness]
  • Integrate Security Into DevOps (10m) [Securing the Development Cycle]
  • Security in the Stack (10m) [What are we Defending?]
  • Operation Maturity (4m) [Pipeline: Operation and Monitor]
  • Jenkins Demo: IaC (8m) [Pipeline: Deployment]
  • Jenkins Demo: DAST (10m) [Pipeline: Delivery]
  • Security for Developers (5m) [Pipeline: Planning and Awareness]
  • Jenkins Overview (5m) [What are we Defending?]

Course Description

This DevSecOps course will provide students with the fundamental knowledge to integrate security controls, processes, and services into the DevOps pipeline. This course covers the distinct security challenges posed by custom software and web applications.

Security professionals have a robust suite of tools and methodologies for assessing the risk to operating systems, firewalls, and other components on the network. But they may have limited knowledge on how to review web applications and custom code. As demonstrated by the recent breaches, which have exploited third-party libraries, continuous monitoring and assessment do not always include a review of software dependencies.

Organizations rely on regular patches for commercial software and understand how to deploy updates. But maintaining secure custom software requires development team support or integration into a DevSecOps pipeline.

To gain a common understanding of these distinct security challenges, the course will include an overview of vulnerabilities such as XSS, CSRF, SQL injection, Local/Remote File Inclusion, and other findings identified in the OWASP Top 10. Additional insight will be provided into the susceptibility to “supply chain” risks when third-party libraries are loaded from public repositories such as NPM, Docker Hub, Python Package Index, or Cloud services marketplaces. The focus of the course is on open-source tools to perform static code analysis, dynamic code analysis, and third-party dependency checks.

We will pull in concepts from open resources such as the DoD Enterprise DevSecOps Reference Design, OWASP DevSecOps Maturity Model, and the DevSecOps group.

What is Secure Software Development?

It is a practice to ensure that the code and processes that go into developing applications are as secure as possible. Secure development entails the utilization of several processes, including the implementation of a Software Development Lifecycle (SDLC) and secure coding itself.

Every company is looking to save money and reduce risk. One way security-savvy organizations do so is by employing secure software development techniques in the creation and maintenance of their technical endeavors. The techniques you will learn include software acquisition strategy, development environment security controls, and software security effectiveness.

On a daily basis, someone in this type of role may be creating new tools for everything from virus, spyware, malware, and intrusion detection to traffic analysis. Or they could be working to ensure that security measures are included in any software your organization produces. Regardless of the specific role, there are certain skills needed to ensure the software being developed is in fact secure. This area of secure development also covers software acquisition strategy, development environment security controls, and software security effectiveness to ensure all aspects of security are covered from the perspective of a developer.

What Are the Prerequisites for This Course?

Individuals who wish to take this DevSecOps course should have a basic understanding of security controls, attack vectors, and cybersecurity principles. You will not need to understand programming, but some knowledge of the process from development to deployment would be helpful.

The course is based on an assumption of basic cybersecurity principles, but we will start with the need for integrating security into the DevOps cycle and identifying specific tools or processes to accomplish this goal.

Some understanding of existing automated security tools may be helpful, but students will be given a basic description of the tools. Additional research can be pursued as needed.

What Are the DevSecOps Course Goals?

By the end of this DevSecOps course, students should be able to:

  • Describe the need for implementing DevSecOps
  • Gain executive buy-in on DevSecOps
  • Develop a plan to integrate Security into DevOps
  • List the major steps of the DevOps pipeline
  • Select tools to automate security testing into the DevOps pipeline
  • Identify certifications for Developers, Cyber Staff, and Operations
  • Differentiate between Static and Dynamic analysis
  • Discuss protection controls for specific attack vectors
  • Perform threat modeling to match security controls to attack vectors
  • Demonstrate the need for 3rd party library review
  • Identify methods for securing Cloud architecture
  • Implement continuous monitoring after deployment

In a world of cyberattacks and people falling victim to hacked personal information, developing software with strong security is essential. Some developers may see themselves as coders at heart, writing language to make programs function. But even when developers are using basic coding, they can help protect software from being hacked by creating robust security features and continuously communicating with security teams.

What is DevSecOps?

DevSecOps is the IT industry term for development, security, and operations. DevSecOps is the philosophy that security features should be integrated into the software at each step of the development process. DevSecOps improves communication and merges traditional IT and security to deliver code quickly and safely.

When developers use DevSecOps practices, they write code and build security barriers in the same process. Security features are thought of, created, and integrated into the earliest stages of software development.

DevSecOps practices put the responsibility of security on everyone in an organization that is rolling out new software, writing code, or creating an application.

“DevOps has become second nature for agile, high-performing enterprises and a foundation for the success of their online business,” Pascal Geenens, a security evangelist and researcher at Radware, told CSO Online. He argues, “Continuous change in technology and consumer demand means there is a continuous cycle of updates to run that will keep a very varied set of functions from page upload times to shopping and search features up to date and running at their best.”

What is the difference between DevOps and DevSecOps?

DevSecOps differs from its similar-sounding counterpart, DevOps.

DevOps practices involve combining software development and IT operations to shorten the systems’ development life cycle and provide continuous delivery with high software quality. DevOps doesn’t have the same security integration as DevSecOps. Each team within an organization would have its own responsibilities, with security being sectioned off.

DevSecOps merges the creation of applications, code, and software with the best security practices.

Why are DevSecOps practices important?

Technology has evolved rapidly to allow cloud sharing among multiple users, cloud computing, and rapid data delivery. However, security practices have not kept pace with evolving technology. With multiple users accessing data remotely, security risks increase.

DevSecOps practices are essential because they protect data, users, and software from security breaches before they happen.

How do you become DevSecOps certified?

You can obtain a DevSecOps certification by taking online DevSecOps courses through platforms such as Cybrary. Before getting started, students should already have a basic understanding of security controls, attack vectors, and cybersecurity principles.

Cybrary’s DevSecOps course starts with an introduction to security during the development cycle. The course covers possible security breaches a system could have, as well as static and dynamic analyses. Students will learn how to plan for security integration throughout the development pipeline, as well as deliver and deploy software with DevSecOps practices in mind. Finally, students will gain skills to monitor the system on an ongoing basis.

Cybrary offers DevSecOps training broken into short, on-demand video modules, allowing students to learn at their own pace. The full course is five hours long.

At the end of the course, you can go on to pursue certification by taking the official exams for numerous DevSecOps certifications, including:

  • DevSecOps Foundation Certification
  • DevSecOps Practitioner Certification
  • EXIN DevSecOps Manager
  • GIAC Cloud Security Automation (GCSA)
  • GSDC Certified DevSecOps Engineer
  • Certified DevSecOps Professional

The typical DevSecOps engineer earns more than $142,000 a year, according to Neuvoo. In cities such as New York, DevSecOps professionals can earn as much as $175,000. DevSecOps engineers collaborate with DevOps engineers, stay up to date on the latest security trends, and help their organization build secure, fast software to execute the company’s goals.

Instructors

Philip Kulp
Success from Our Learners

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates
Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory
Cybersecurity analyst

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike
Security Engineer and Pentester

"Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

Cassandra
Information Security Analyst/Cisco Systems

"I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

Casey
Cyber Systems Engineer/BDO

"Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

Angel
Founder, IntellChromatics

Provider: Cybrary

Certificate of Completion

Complete this entire course to earn a DevSecOps Fundamentals Certificate of Completion.