EC-Council DevSecOps Essentials (DSE)

Module 1: Fundamentals of Application Development

– History and Evolution of Application Development

– Introduction to Application Architectures

– The Application Development Lifecycle

– Application Testing and Quality Assurance

– Application Monitoring, Maintenance, and Support

Module 2: Application Security Essentials

– Secure Application Development

– Understanding Application Security

– Identifying Common Application Security Risks and Threats

– Overview of OWASP Top 10

– Application Security Techniques and Principles

– Secure Coding Practices and Code Review

– Introduction to SAST and DAST Testing

– Implementing Secure Configurations

– Educating Developers on Security Best Practices

– Role of Risk Management and Project Management in Secure Development

Module 3: Introduction to DevOps

– Understanding the principles of DevOps

– DevOps Pipelines and their significance

– Integration of DevOps with Project Management

Module 4: Introduction to DevSecOps

– Understanding the concept of DevSecOps

– Differentiating DevOps and DevSecOps

– Embracing DevSecOps Culture and Principles

Module 5: Introduction to DevSecOps Management Tools

– Overview of Project Management Tools

– Integrated Development Environment (IDE) Tools

– Source-code Management Tools

– Build and Continuous Testing Tools

Module 6: Introduction to DevSecOps Code and CI/CD Tools

– Understanding Continuous Integration Tools

– Infrastructure as Code Tools

– Configuration Management Tools

– Continuous Monitoring Tools

Module 7: Introduction to DevSecOps Pipelines

– Role of DevSecOps in the CI/CD Pipeline

– Overview of DevSecOps Tools

– Embracing the DevSecOps Lifecycle

– Key Elements of the DevSecOps Pipeline

– Integrating Security into the DevOps Pipeline

Module 8: Introduction to DevSecOps CI/CD Testing and Assessments

– Implementing Security Controls in the CI/CD Pipeline

– Continuous Security in DevSecOps with Security as Code

– Continuous Application Testing for CI/CD Pipeline Security

– Application Assessments and Penetration Testing

Module 9: Implementing DevSecOps Testing & Threat Modeling

– Integrating Security Threat Modeling in the Planning Stage

– Integrating Secure Coding in the Code Stage

– Implementing SAST, DAST, and IAST in the Build and Test Stage

– Integrating RASP and VAPT in the Release and Deploy Stage

Module 10: Implementing DevSecOps Monitoring Feedback

– Implementing Infrastructure as Code (IaC)

– Integrating Configuration Orchestration

– Integrating Security in the Operate and Monitor Stage

– Implementing Compliance as Code (CaC)

– Integrating Logging, Monitoring, and Alerting

– Integrating Continuous Feedback Loop