DevSecOps Bootcamp


The DevSecOps Bootcamp is developed by DevSecOps consultants and practitioners, inspired by the idea that everyone is responsible for building rugged software, improving security, and operating like a boss


ZippyOPS also offers customized DevSecOps Bootcamp


Let's discuss your customized DevSecOps Bootcamp need


Contact Us

‌Detailed Curriculum

Click on the tools list(tab) below to get the detailed curriculum



‌Introduction
‌      What is DevSecOps
‌      DevSecOps Building Blocks- People, Process, and Technology
‌      DevSecOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
‌      Benefits of DevSecOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility
‌      Introduction to Agile
‌      Introduction to virtualization and cloud
‌      What is Continuous Integration and Continuous Deployment?
‌            Continuous Integration to Continuous Deployment to Continuous Delivery
‌            Continuous Delivery vs Continuous Deployment
‌            General workflow of CI/CD pipeline
‌            Blue/Green deployment strategy
‌            Achieving full automation
‌            Designing a CI/CD pipeline for web application
‌      Common Challenges faced when using the DevSecOps principle.
  ‌    Case studies on DevSecOps of cutting edge technology


Introduction 
‌      Understanding version control
‌      The history of Git 
‌      About distributed version control 
‌      Who should use Git? 
‌      Installing Git on Windows
‌      Installing Git on Linux 
‌      Configuring Git 
‌      Exploring Git auto-completion
‌      Using Git help 
Initializing a repository 
‌      Understanding where Git files are stored
‌      Performing your first commit
‌      Writing commit messages      
‌      Viewing the commit log 
Exploring the three-trees architecture 
‌      The Git workflow
‌      Using hash values (SHA-1)
  ‌    Working with the HEAD pointer 
Adding files
‌      Editing files
‌      Viewing changes with diff
‌      Viewing only staged changes 
‌      Deleting files
‌      Moving and renaming files 
Undoing working directory changes
‌      Unstaging files
‌      Amending commits
‌      Retrieving old versions
‌      Reverting a commit 
‌      Using reset to undo commits
‌      Demonstrating a soft reset
‌      Demonstrating a mixed reset
‌      Demonstrating a hard reset
‌      Removing untracked files 
Using gitignore
‌      Understanding what to ignore
‌      Ignoring files globally
‌      Ignoring tracked files
‌      Tracking empty directories 
Referencing commits 
‌      Exploring tree listings
‌      Getting more from the commit log
‌      Viewing commits
‌      Comparing commits 
Branching overview 
‌      Viewing and creating branches
‌      Switching branches
‌      Creating and switching branches
‌      Switching branches with uncommitted changes
‌      Comparing branches
‌      Renaming branches 
‌      Deleting branches 
‌      Configuring the command prompt to show the branch 
Merging code
‌      Using fast-forward merge vs true merge
‌      Merging conflicts
‌      Resolving merge conflicts 
‌      Exploring strategies to reduce merge conflicts 
Saving changes in the stash
‌      Viewing stashed changes
‌      Retrieving stashed changes
‌      Deleting stashed changes 
Working with GitHub
‌      Setting up a GitHub account
‌      Adding a remote repository
‌      Creating a remote branch
‌      Cloning a remote repository
‌      Tracking remote branches
‌      Pushing changes to a remote repository
‌      Fetching changes from a remote repository
‌      Merging in fetched changes
‌      Checking out remote branches
‌      Pushing to an updated remote branch
‌      Deleting a remote branch
‌      Enabling collaboration
‌      A collaboration workflow
‌      Using SSH keys for remote login
‌      Managing repo in GitHub
‌      Managing users in GitHub
‌      Managing keys in GitHub
‌      Webhook in GitHub ‌


‌Introduction to Jenkins 
‌      Introduction to Continuous Integration 
‌      Continuous Integration vs Continuous Delivery 
‌      Jenkins Overview 
‌      Characteristics and features 
‌      Architecture 
‌      Concepts and Terms 
‌      Benefits and Limitations 
‌Installation and Configuration 
‌      Jenkins Installation and Configuration 
‌      Plug-ins Overview 
‌      Integration with Git 
‌      Integration with Maven 
‌      Integration with Java 
‌      Installing plugins 
‌Setting up Build Jobs 
‌      Jenkins Dashboard 
‌      Create the first job 
‌      Running the first job 
‌      Manage jobs - failing, disable, update and delete 
‌      Pipeline with Jenkinsfile 
‌      Freestyle Project Configuration 
‌      Git Hooks and Other Build Triggers 
‌      Workspace Environment Variables 
‌      Parameterized Projects 
‌      UpstreamDownstream Projects and the Parameterized Trigger Plugin 
‌      Build a Java application with Maven using Jenkins 
‌Continuous Delivery Pipeline 
‌      Publishing Build Artifacts 
‌      Deployment Plug-in setup and configuration 
‌      Auto Deployment of build artifacts into the target server 
‌      Deploy a Java application with Maven using Jenkins 
‌      Executing selenium Functional Testing with deployment 
‌Management, Security and Best Practices 
‌      Managing and Monitoring Jenkins Server 
‌      Scaling Jenkins 
‌      Securing Jenkins 
‌      Adding Linux Node and executing job on it 
‌      Adding windows node and executing job on it 
‌      Configuring access control on Jenkins 
‌      Configuring role-based access control 
‌      Jenkins logs 
‌      Management 
‌      Credentials in Jenkins 
‌      Best Practices 
‌Jenkins Pipeline 
‌      Writing Jenkins Pipeline file for java application build and deployment 
‌      Storing Jenkins in git and configuring webhook 
‌      Difference between declarative and scripted pipeline 
‌      Specify an agent in the pipeline 
‌      Parameters in Pipeline 
‌      Schedule build in the pipeline 
‌      Webhook in pipeline 
‌      Approval in pipeline 
‌      Approval with timeout in the pipeline 
‌      Variables in pipeline 
‌      Email notification in the pipeline 
‌      Post build action in the pipeline 
‌      Parallel stages in the pipeline 
‌      Condition in pipeline 
‌      Selenium Functional Testing in the pipeline 


Static Application Security Testing‌
      What is Secure SDLC 
  ‌    What is Software Component Analysis? 
  ‌    Software Component Analysis and Its challenges. 
‌      What is Static Application Security Testing? 
S‌onarqube
  ‌    Introduction to Sonarqube 
     ‌ Architecture of Sonarqube 
‌      Installation of Sonarqube 
   ‌   Managemnt of Sonarqube 
‌      User management 
  ‌    Installing plugin's in Sonarqube 
  ‌    Quality profiles 
  ‌    Quality gates 
I‌integrating S‌onarqube with Jenkins
‌      Integrating Sonarqube with Jenkins
‌      Jenkins pipeline to execute sonar scan 
‌      Jenkins pipeline to publish a report 
‌      Jenkins pipeline to implement the quality gate
‌     Embedding Security as part of CI/CD pipeline


‌Software Composition Analysis (SCA) 
‌      Introduction to Software Composition Analysis 
‌      What is National Vulnerability Database 
‌      Common Platform Enumeration (CPE) 
‌      Common Vulnerability and Exposure (CVE) 
‌OWASP Dependency-Check 
‌      Introduction to OWASP Dependency-Check ‌
‌      Installing OWASP Dependency-Check Plugin in Jenkins ‌ 
‌      Configuring OWASP Dependency-Check Plugin in Jenkins ‌ 
‌      Jenkins pipeline to perform OWASP Dependency-Check ‌ ‌ 
‌      Jenkins pipeline to publish OWASP Dependency-Check report

Introduction ‌ 
  ‌    Introduction to Configuration Management ‌ 
‌      Introduction to Ansible ‌ 
‌      Core Components of Ansible ‌ 
‌      Yaml Overview ‌ 
‌      Creating Lab Servers 
‌‌Ad-hoc commands in Ansible ‌ 
‌      What is an ad-hoc command?  ‌ 
‌      Executing non-privileged commands on Linux ‌ 
‌      Executing privileged commands on Linux ‌ 
‌      Executing commands on windows ‌ 
‌      Using Ansible modules via ad-hoc command ‌
‌Static and Dynamic inventories ‌ 
‌      Static Inventories ‌ 
‌      Dynamic Inventories ‌ 
‌      Configuring AWS as Dynamic Inventory using python script ‌
‌Create Ansible Plays and Playbooks ‌ 
‌      Ansible Playbooks ‌ 
‌      Commonly used Modules ‌ 
‌      Using modules in playbooks ‌ 
‌      Playbook to Create a file ‌ 
‌      Playbook to create folders ‌ 
‌      Installing a package on Linux ‌ 
‌      Installing a package on windows ‌ 
‌      Managing a service on Linux ‌ 
‌      Managing a service on windows ‌ 
‌      Executing commands on Linux ‌ 
‌      Executing commands on windows ‌ 
‌      Create and use templates to create customized configuration files ‌ 
‌      Managing services with handlers ‌ 
‌      Installing and configuring apache 
‌‌Condition and loops ‌ 
‌      loops in playbooks ‌ 
‌      Nested loop in playbooks ‌ 
‌      Condition in Playbooks ‌
‌Logs in Playbook ‌ 
‌      Registering logs ‌ 
‌      Custom logs in playbooks ‌ 
‌      Error Handling in Playbooks ‌
‌Modules and tags ‌ 
‌      Modifying file using inline file module ‌ 
‌      Executing an application ‌ 
‌      Tags in playbooks ‌ 
‌      Including and excluding tags in playbook execution ‌
‌Variables ‌ 
‌      Playbook Variables ‌ 
‌      List Variables ‌ 
‌      Dictionary variable ‌ 
‌      Host Variable ‌ 
‌      Runtime variable ‌ 
‌      Variable precedence ‌
‌Facts ‌ 
‌      Ansible facts and how we use facts.d ‌ 
‌      Using Ansible facts ‌ 
‌      Using variables to gather server info ‌
‌Vault ‌ 
‌      Ansible Vault ‌ 
‌      Ansible Vault view ‌ 
‌      Ansible Vault edit ‌ 
‌      Ansible vault rekey ‌ 
‌Ansible Roles
‌     Ansible Role ‌ 
‌    Create a role to install apache ‌ 
‌    Ansible galaxy and how it's used ‌ 
‌    Use multiple roles ‌
‌Testing playbooks ‌ 
‌      Testing your Ansible roles with Molecule ‌ 
‌      Installing Molecule ‌ 
‌      Initializing a new role with Molecule ‌ 
‌      Configure Molecule ‌ 
‌      Pre-built Docker images with Molecule ‌ 
‌      Running first Molecule test ‌
‌AWX Tower ‌ 
‌      Introduction to AWX tower ‌ 
‌      Installing and configuring AWX tower ‌ 
‌      Log into our Ansible tower and run a sample task ‌ 
‌      Managing project in AWX ‌ 
‌      Managing inventories in AWX ‌ 
‌      Creating and executing template in AWX ‌ 
‌      Multiconfiguration template in AWX ‌ 
‌      User Management in AWX ‌ 
‌      Notification in AWX


Learning the Basics of Docker ‌ 
‌      Introduction to Docker ‌ 
‌      Docker Containers vs Virtual Machines ‌ 
‌      Docker Architecture ‌ 
‌      The Docker Hub ‌ 
‌      Docker Installation ‌ 
‌      Creating Our First Image ‌ 
‌      Working With Multiple Images ‌ 
‌      Packaging A Customized Container ‌ 
‌      Running Container Commands With Docker ‌ 
‌      Exposing Our Container With Port Redirects ‌
‌The Dockerfile ‌ 
‌      Dockerfile Directives USER and RUN ‌ 
‌      Dockerfile Directives RUN Order of Execution ‌ 
‌      Dockerfile Directives ENV ‌ 
‌      Dockerfile Directives CMD vs RUN ‌ 
‌      Dockerfile Directives ENTRYPOINT ‌ 
‌      Dockerfile Directives EXPOSE ‌
Manual Image creation ‌ 
‌      Manually executing commands inside the container ‌ 
‌      Committing an exited container to an image 
‌‌Docker Commands and Structures ‌ 
‌      Inspect Container Processes ‌ 
‌      Previous Container Management ‌ 
‌      Controlling Port Exposure on Containers ‌ 
‌      Naming Our Containers
‌Docker Monitoring commands
‌      docker ps
‌      docker inspect
‌      docker top
‌      docker exec
‌      docker cp
‌      docker kill‌
‌Docker Image Management  ‌ 
‌      Managing and Removing Base Images ‌ 
‌      Saving and Loading Docker Images ‌ 
‌      Image History ‌ 
‌      Taking Control of Our Tags ‌ 
‌      Pushing to Docker Hub ‌
‌Volumes and network ‌ 
‌      Container Volume Management ‌ 
‌      Docker Network List and Inspect ‌ 
‌      Docker Network Create and Remove ‌ 
‌      Docker Network Assign to Containers ‌ 
‌      Mimic 3 tire architecture using docker network ‌ 
‌      Assigning static IP for container ‌
‌Docker compose ‌ 
‌      Introduction to Docker Compose ‌ 
‌      Benefits of Compose ‌ 
‌      Configure the Compose file ‌ 
‌      Build image instruction ‌
‌Setting up a private registry ‌ 
‌      Installing Private registry ‌ 
‌      Push and Pull from a private registry ‌ 
‌      Listing images on a private registry ‌
‌Docker - Logging ‌ 
‌      Daemon Logging ‌ 
‌      Container Logging 
‌‌Troubleshooting ‌  
‌      Docker logs ‌ 
‌      Docker inspect ‌
‌Limit a container’s access ‌ 
‌      Memory ‌ 
‌      CPUs

‌Introduction ‌ 
‌      Introduction to Container Security scan ‌ 
‌      Introduction to Anchore Engine ‌ 
‌      Architecture of Anchore Engine ‌ 
‌      Installing and configuring the Anchore Engine ‌
Jenkins pipeline to execute Anchore scan ‌ ‌ 
‌      Installing Anchore Container Image Scanner Plugin in Jenkins ‌ 
‌      Configuring Anchore Container Image Scanner Plugin in Jenkins ‌ 
‌      Jenkins pipeline to scan container ‌ ‌ 
‌      Jenkins pipeline to publish the report


‌Introduction ‌ 
‌      Introduction to Kubernetes ‌ 
‌      Kubernetes Architecture ‌ 
‌      Introduction to YAML ‌
‌Kubernetes Setup and Configuration Manual method ‌ 
‌      Packages and Dependencies ‌ 
‌      Install and Configure Master Controller ‌ 
‌      Install and Configure the Minions ‌ 
‌      Kubectl Exploring our Environment 
‌‌Kubernetes Setup and Configuration Kubeadm method ‌ 
‌      Kubeadm installation ‌ 
‌      Kubernetes cluster initiation ‌ 
‌      Node addition to Kubernetes cluster ‌ 
‌      Cloud integration with cluster ‌
‌Pods, Tags, and Services ‌ 
‌      Create and Deploy Pod Definitions ‌ 
‌      Tags, Labels, and Selectors ‌ 
‌      Deployment State ‌ 
‌      Multi Pod (Container) Replication Controller ‌ 
‌      Create and Deploy Service Definitions ‌
‌Logs, Scaling, and Recovery ‌ 
‌      Creating Temporary Pods at the Command line ‌ 
‌      Interacting with Pod Containers ‌ 
‌      Logs ‌ 
‌      Autoscaling and Scaling our Pods ‌ 
‌      Failure and Recovery ‌
‌Deployment strategies ‌ 
‌      All in one ‌ 
‌      Rolling update ‌ 
‌      Blue Green ‌
‌Continues Integration with docker ‌ 
‌      Jenkins integration with Kubernetes ‌ 
‌      Docker plugin ‌ 
‌      Complete deployment flow ‌ 
‌      CI & CD ‌
‌Kubernetes components ‌ 
‌      ConfigMap ‌ 
‌      Secrets ‌ 
‌      Deamon sets ‌ 
‌      Stateful set ‌
‌Running jobs ‌ 
‌      Cron jobs ‌ 
‌      Batch jobs ‌
‌Istio ‌ 
‌      Install Istio ‌ 
‌      Traffic Management in Istio ‌ 
‌      Gateway ‌ 
‌      Virtual service ‌ 
‌      Canary deployment ‌
‌Other Kubernetes Provider ‌ 
‌      Introduction to Azure Kubernetes Service ‌ 
‌      Introduction to Amazon Elastic Kubernetes Service ‌ 
‌      Introduction to Google Kubernetes Engine ‌ 
‌      Introduction to Openshift ‌
‌Helm ‌ 
‌      Introduction to helm chart ‌ 
‌      Installation and configuration of HELM ‌ 
‌      Deploying application via HELM chart ‌ 
‌      Maintaining deployments using helm ‌
‌Monitoring ‌ 
‌      Introduction to EFK ‌ 
‌      Implementation of EFK ‌ 
‌      Introduction to Prometheus ‌ 
‌      Implementation of Prometheus

‌Open Web Application Security Project (OWASP) ‌ 
‌      Introduction to Open Web Application Security Project ‌ 
‌      What is Dynamic Application Security Testing ‌ 
‌      Dynamic Analysis and Its challenges ( Session Management, AJAX Crawling ) ‌ 
‌      Creating baseline scans for DAST ‌Zed Attack Proxy(ZAP) ‌ 
‌Introduction to OWASP Zed Attack Proxy ‌ 
‌      Installing and configuring OWASP Zed Attack Proxy ‌ ‌ 
  ‌    Installing OWASP Zed Attack Proxy Plugin in Jenkins ‌ ‌ 
‌      Configuring OWASP Zed Attack Proxy Plugin in Jenkins ‌ ‌ 
‌      Jenkins pipeline to perform OWASP ZAP scan ‌ ‌ 
‌      Jenkins pipeline to publish OWASP ZAP report

Vulnerability Assessment and Penetration Testing (VAPT) ‌ 
‌      Introduction to Vulnerability Assessment and Penetration Testing ‌ 
‌      What is Vulnerability Assessment
‌      What is Penetration Testing  ‌ 
‌      VAPT and Its challenges 
‌OpenVAS
‌      Introduction to OpenVAS
‌      Installing and configuring OpenVAS
‌      Checking OpenVAS Installation
‌      Building OpenVAS Task
‌      OpenVAS Administration
‌      Read and understand scan report
‌‌Jenkins pipeline to execute OpenVAS scan
‌    Script to create the task and execute scan 
‌  ‌ ‌ Jenkins pipeline to execute the script to create task and perform scan ‌ ‌ 
‌    Jenkins pipeline to publish OpenVAS report

Customized DevSecOps Bootcamp Avaliable

The shoe that fits one person pinches another; there is no recipe for living that suits all cases. 

‌We also offer customized DevSecOps Bootcamp that meets your need



Contact Us


‌DevSecOPS Tools List

DevSecOps

Integrate automation and security into your product pipeline



More Info

GIT

Source Control Management Tool



More Info

Jenkins

Continuous Integration Tool



More Info

Sonarqube

Static Code Analysis Tool



More Info

OWASP Dependency-Check

Software Composition Analysis Tool



More Info

Ansible

Configuration Management Tool



More Info

Docker

Containerization Tool



More Info

Anchore

Container Image Scanning Tool



More Info

Kubernetes

Container Orchestration Tool



More Info

Zed Attack Proxy(ZAP)

Dynamic Application Security Testing Tool



More Info

OpenVAS

Vulnerability Assessment and Penetration Testing Tool



More Info

Let's Start Automation Journey Together

With our Enterprise Automation consulting, we help large, medium enterprises and startups achieve higher efficiency in Development and Operations, quicker time to market, the better quality of software builds and secure delivery of softwares with early identification of emerging issues, without security weaknesses and letting the code be in a releasable state always. ‌

Contact Us
We use cookies to personalise content , provide live chat and to analyse our web traffic.
Accept all cookies
Manage your cookies
Essential site cookies