DevSecOps Bootcamp
The DevSecOps Bootcamp is developed by DevSecOps consultants and practitioners, inspired by the idea that everyone is responsible for building rugged software, improving security, and operating like a boss.
ZippyOPS also offers a customized DevSecOps Bootcamp.
Detailed Curriculum
Introduction
What is DevSecOps
DevSecOps Building Blocks – People, Process, and Technology
DevSecOps Principles – Culture, Automation, Measurement and Sharing (CAMS)
Benefits of DevSecOps – Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility
Introduction to Agile
Introduction to virtualization and cloud
What is Continuous Integration and Continuous Deployment?
Continuous Integration to Continuous Deployment to Continuous Delivery
Continuous Delivery vs Continuous Deployment
General workflow of CI/CD pipeline
Blue/Green deployment strategy
Achieving full automation
Designing a CI/CD pipeline for web application
Common Challenges faced when using the DevSecOps principle.
Case studies on DevSecOps of cutting edge technology
Introduction
Understanding version control
The history of Git
About distributed version control
Who should use Git?
Installing Git on Windows
Installing Git on Linux
Configuring Git
Exploring Git auto-completion
Using Git help
Initializing a repository
Understanding where Git files are stored
Performing your first commit
Writing commit messages
Viewing the commit log
Exploring the three-trees architecture
The Git workflow
Using hash values (SHA-1)
Working with the HEAD pointer
Adding files
Editing files
Viewing changes with diff
Viewing only staged changes
Deleting files
Moving and renaming files
Undoing working directory changes
Unstaging files
Amending commits
Retrieving old versions
Reverting a commit
Using reset to undo commits
Demonstrating a soft reset
Demonstrating a mixed reset
Demonstrating a hard reset
Removing untracked files
Using gitignore
Understanding what to ignore
Ignoring files globally
Ignoring tracked files
Tracking empty directories
Referencing commits
Exploring tree listings
Getting more from the commit log
Viewing commits
Comparing commits
Branching overview
Viewing and creating branches
Switching branches
Creating and switching branches
Switching branches with uncommitted changes
Comparing branches
Renaming branches
Deleting branches
Configuring the command prompt to show the branch
Merging code
Using fast-forward merge vs true merge
Merging conflicts
Resolving merge conflicts
Exploring strategies to reduce merge conflicts
Saving changes in the stash
Viewing stashed changes
Retrieving stashed changes
Deleting stashed changes
Working with GitHub
Setting up a GitHub account
Adding a remote repository
Creating a remote branch
Cloning a remote repository
Tracking remote branches
Pushing changes to a remote repository
Fetching changes from a remote repository
Merging in fetched changes
Checking out remote branches
Pushing to an updated remote branch
Deleting a remote branch
Enabling collaboration
A collaboration workflow
Using SSH keys for remote login
Managing repo in GitHub
Managing users in GitHub
Managing keys in GitHub
Webhook in GitHub
Introduction to Jenkins
Introduction to Continuous Integration
Continuous Integration vs Continuous Delivery
Jenkins Overview
Characteristics and features
Architecture
Concepts and Terms
Benefits and Limitations
Installation and Configuration
Jenkins Installation and Configuration
Plug-ins Overview
Integration with Git
Integration with Maven
Integration with Java
Installing plugins
Setting up Build Jobs
Jenkins Dashboard
Create the first job
Running the first job
Manage jobs - failing, disable, update and delete
Pipeline with Jenkinsfile
Freestyle Project Configuration
Git Hooks and Other Build Triggers
Workspace Environment Variables
Parameterized Projects
Upstream/Downstream Projects and the Parameterized Trigger Plugin
Build a Java application with Maven using Jenkins
Continuous Delivery Pipeline
Publishing Build Artifacts
Deployment Plug-in setup and configuration
Auto Deployment of build artifacts into the target server
Deploy a Java application with Maven using Jenkins
Executing Selenium Functional Testing with deployment
Management, Security and Best Practices
Managing and Monitoring Jenkins Server
Scaling Jenkins
Securing Jenkins
Adding Linux Node and executing job on it
Adding Windows Node and executing job on it
Configuring access control on Jenkins
Configuring role-based access control
Jenkins logs
Management
Credentials in Jenkins
Best Practices
Jenkins Pipeline
Writing Jenkins Pipeline file for java application build and deployment
Storing Jenkins in git and configuring webhook
Difference between declarative and scripted pipeline
Specify an agent in the pipeline
Parameters in Pipeline
Schedule build in the pipeline
Webhook in pipeline
Approval in pipeline
Approval with timeout in the pipeline
Variables in pipeline
Email notification in the pipeline
Post build action in the pipeline
Parallel stages in the pipeline
Condition in pipeline
Selenium Functional Testing in the pipeline
Static Application Security Testing
What is Secure SDLC
What is Software Composition Analysis?
Software Composition Analysis and Its challenges.
What is Static Application Security Testing?
Sonarqube
Introduction to Sonarqube
Architecture of Sonarqube
Installation of Sonarqube
Management of Sonarqube
User management
Installing plugins in Sonarqube
Quality profiles
Quality gates
Integrating Sonarqube with Jenkins
Integrating Sonarqube with Jenkins
Jenkins pipeline to execute sonar scan
Jenkins pipeline to publish a report
Jenkins pipeline to implement the quality gate
Embedding Security as part of CI/CD pipeline
Software Composition Analysis (SCA)
Introduction to Software Composition Analysis
What is National Vulnerability Database
Common Platform Enumeration (CPE)
Common Vulnerability and Exposure (CVE)
OWASP Dependency-Check
Introduction to OWASP Dependency-Check
Installing OWASP Dependency-Check Plugin in Jenkins
Configuring OWASP Dependency-Check Plugin in Jenkins
Jenkins pipeline to perform OWASP Dependency-Check
Jenkins pipeline to publish OWASP Dependency-Check report
Introduction
Introduction to Configuration Management
Introduction to Ansible
Core Components of Ansible
YAML Overview
Creating Lab Servers
Ad-hoc commands in Ansible
What is an ad-hoc command?
Executing non-privileged commands on Linux
Executing privileged commands on Linux
Executing commands on Windows
Using Ansible modules via ad-hoc command
Static and Dynamic inventories
Static Inventories
Dynamic Inventories
Configuring AWS as Dynamic Inventory using python script
Create Ansible Plays and Playbooks
Ansible Playbooks
Commonly used Modules
Using modules in playbooks
Playbook to Create a file
Playbook to create folders
Installing a package on Linux
Installing a package on Windows
Managing a service on Linux
Managing a service on Windows
Executing commands on Linux
Executing commands on Windows
Create and use templates to create customized configuration files
Managing services with handlers
Installing and configuring apache
Condition and loops
Loops in playbooks
Nested loop in playbooks
Condition in Playbooks
Logs in Playbook
Registering logs
Custom logs in playbooks
Error Handling in Playbooks
Modules and tags
Modifying a file using the lineinfile module
Executing an application
Tags in playbooks
Including and excluding tags in playbook execution
Variables
Playbook Variables
List Variables
Dictionary variable
Host Variable
Runtime variable
Variable precedence
Facts
Ansible facts and how we use facts.d
Using Ansible facts
Using variables to gather server info
Vault
Ansible Vault
Ansible Vault view
Ansible Vault edit
Ansible Vault rekey
Ansible Roles
Ansible Role
Create a role to install apache
Ansible galaxy and how it's used
Use multiple roles
Testing playbooks
Testing your Ansible roles with Molecule
Installing Molecule
Initializing a new role with Molecule
Configure Molecule
Pre-built Docker images with Molecule
Running first Molecule test
AWX Tower
Introduction to AWX tower
Installing and configuring AWX tower
Log into our Ansible tower and run a sample task
Managing project in AWX
Managing inventories in AWX
Creating and executing template in AWX
Multiconfiguration template in AWX
User Management in AWX
Notification in AWX
Learning the Basics of Docker
Introduction to Docker
Docker Containers vs Virtual Machines
Docker Architecture
The Docker Hub
Docker Installation
Creating Our First Image
Working With Multiple Images
Packaging A Customized Container
Running Container Commands With Docker
Exposing Our Container With Port Redirects
The Dockerfile
Dockerfile Directives USER and RUN
Dockerfile Directives RUN Order of Execution
Dockerfile Directives ENV
Dockerfile Directives CMD vs RUN
Dockerfile Directives ENTRYPOINT
Dockerfile Directives EXPOSE
Manual Image creation
Manually executing commands inside the container
Committing an exited container to an image
Docker Commands and Structures
Inspect Container Processes
Previous Container Management
Controlling Port Exposure on Containers
Naming Our Containers
Docker Monitoring commands
docker ps
docker inspect
docker top
docker exec
docker cp
docker kill
Docker Image Management
Managing and Removing Base Images
Saving and Loading Docker Images
Image History
Taking Control of Our Tags
Pushing to Docker Hub
Volumes and network
Container Volume Management
Docker Network List and Inspect
Docker Network Create and Remove
Docker Network Assign to Containers
Mimic 3-tier architecture using Docker network
Assigning static IP for container
Docker compose
Introduction to Docker Compose
Benefits of Compose
Configure the Compose file
Build image instruction
Setting up a private registry
Installing Private registry
Push and Pull from a private registry
Listing images on a private registry
Docker - Logging
Daemon Logging
Container Logging
Troubleshooting
Docker logs
Docker inspect
Limit a container’s access
Memory
CPUs
Introduction
Introduction to Container Security scan
Introduction to Anchore Engine
Architecture of Anchore Engine
Installing and configuring the Anchore Engine
Jenkins pipeline to execute Anchore scan
Installing Anchore Container Image Scanner Plugin in Jenkins
Configuring Anchore Container Image Scanner Plugin in Jenkins
Jenkins pipeline to scan container
Jenkins pipeline to publish the report
Introduction
Introduction to Kubernetes
Kubernetes Architecture
Introduction to YAML
Kubernetes Setup and Configuration: Manual method
Packages and Dependencies
Install and Configure Master Controller
Install and Configure the Minions
Kubectl Exploring our Environment
Kubernetes Setup and Configuration: Kubeadm method
Kubeadm installation
Kubernetes cluster initiation
Node addition to Kubernetes cluster
Cloud integration with cluster
Pods, Tags, and Services
Create and Deploy Pod Definitions
Tags, Labels, and Selectors
Deployment State
Multi Pod (Container) Replication Controller
Create and Deploy Service Definitions
Logs, Scaling, and Recovery
Creating Temporary Pods at the Command line
Interacting with Pod Containers
Logs
Autoscaling and Scaling our Pods
Failure and Recovery
Deployment strategies
All in one
Rolling update
Blue Green
Continuous Integration with Docker
Jenkins integration with Kubernetes
Docker plugin
Complete deployment flow
CI & CD
Kubernetes components
ConfigMap
Secrets
Daemon sets
Stateful set
Running jobs
Cron jobs
Batch jobs
Istio
Install Istio
Traffic Management in Istio
Gateway
Virtual service
Canary deployment
Other Kubernetes Providers
Introduction to Azure Kubernetes Service
Introduction to Amazon Elastic Kubernetes Service
Introduction to Google Kubernetes Engine
Introduction to OpenShift
Helm
Introduction to helm chart
Installation and configuration of HELM
Deploying application via HELM chart
Maintaining deployments using helm
Monitoring
Introduction to EFK
Implementation of EFK
Introduction to Prometheus
Implementation of Prometheus
Introduction to Open Web Application Security Project
What is Dynamic Application Security Testing
Dynamic Analysis and Its challenges (Session Management, AJAX Crawling)
Creating baseline scans for DAST Zed Attack Proxy (ZAP)
Introduction to OWASP Zed Attack Proxy
Installing and configuring OWASP Zed Attack Proxy
Installing OWASP Zed Attack Proxy Plugin in Jenkins
Configuring OWASP Zed Attack Proxy Plugin in Jenkins
Jenkins pipeline to perform OWASP ZAP scan
Jenkins pipeline to publish OWASP ZAP report
Introduction to Vulnerability Assessment and Penetration Testing
What is Vulnerability Assessment
What is Penetration Testing
VAPT and Its challenges
OpenVAS
Introduction to OpenVAS
Installing and configuring OpenVAS
Checking OpenVAS Installation
Building OpenVAS Task
OpenVAS Administration
Read and understand scan report
Jenkins pipeline to execute OpenVAS scan
Script to create the task and execute scan
Jenkins pipeline to execute the script to create task and perform scan
Jenkins pipeline to publish OpenVAS report
Customized DevSecOps Bootcamp Available
The shoe that fits one person pinches another; there is no recipe for living that suits all cases.
We also offer a customized DevSecOps Bootcamp that meets your needs.
Let's Start Automation Journey Together
With our Enterprise Automation consulting, we help large and medium enterprises and startups achieve higher efficiency in development and operations, quicker time to market, better-quality software builds, and secure delivery of software, with early identification of emerging issues, without security weaknesses, and with the code always in a releasable state.