{"course":{"productid":32309,"modality":1,"active":true,"language":"fr","title":"EC-Council Certified DevSecOps Engineer","productcode":"ECDE","vendorcode":"EC","vendorname":"EC-Council","fullproductcode":"EC-ECDE","courseware":{"has_ekit":false,"has_printkit":true,"language":""},"url":"https:\/\/portal.flane.ch\/course\/ec-ecde","objective":"<ul>\n<li>Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.<\/li><li>Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.<\/li><li>Integrate Eclipse and GitHub with Jenkins to build applications.<\/li><li>Align security practices like security requirement gathering, threat modeling, and secure code reviews with development workflows.<\/li><li>Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI\/CD pipeline.<\/li><li>Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).<\/li><li>Integrate runtime application selfprotection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.<\/li><li>Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.<\/li><li>Implement tools like the JFrog IDE plugin and the Codacy platform.<\/li><li>Integrate automated security testing into a CI\/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.<\/li><li>Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.<\/li><li>Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.<\/li><li>Implement penetration testing tools like gitGraber and GitMiner to secure CI\/CD pipelines.<\/li><li>Use AWS and Azure tools to secure applications.<\/li><li>Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.<\/li><li>Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.<\/li><li>Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.<\/li><li>Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.<\/li><li>Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.<\/li><li>Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).<\/li><li>Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.<\/li><li>Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.<\/li><\/ul>","essentials":"<p>Students should have an understanding of application security concepts.<\/p>","audience":"<ul>\n<li>C|ASE-certified professionals<\/li><li>Application security professionals<\/li><li>DevOps engineers<\/li><li>Software engineers and testers<\/li><li>IT security professionals<\/li><li>Cybersecurity engineers and analysts<\/li><li>Anyone with prior knowledge of application security who wants to build their career in DevSecOps<\/li><\/ul>","contents":"<ul>\n<li>Understanding DevOps Culture<\/li><li>Introduction to DevSecOps<\/li><li>DevSecOps Pipeline&mdash;Plan Stage<\/li><li>DevSecOps Pipeline&mdash;Code Stage<\/li><li>DevSecOps Pipeline&mdash;Build and Test Stage<\/li><li>DevSecOps Pipeline&mdash;Release and Deploy Stage<\/li><li>DevSecOps Pipeline&mdash;Operate and Monitor Stage<\/li><\/ul>","objective_plain":"- Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.\n- Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.\n- Integrate Eclipse and GitHub with Jenkins to build applications.\n- Align security practices like security requirement gathering, threat modeling, and secure code reviews with development workflows.\n- Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI\/CD pipeline.\n- Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).\n- Integrate runtime application selfprotection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.\n- Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.\n- Implement tools like the JFrog IDE plugin and the Codacy platform.\n- Integrate automated security testing into a CI\/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.\n- Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.\n- Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.\n- Implement penetration testing tools like gitGraber and GitMiner to secure CI\/CD pipelines.\n- Use AWS and Azure tools to secure applications.\n- Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.\n- Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.\n- Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.\n- Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.\n- Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.\n- Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).\n- Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.\n- Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.","essentials_plain":"Students should have an understanding of application security concepts.","audience_plain":"- C|ASE-certified professionals\n- Application security professionals\n- DevOps engineers\n- Software engineers and testers\n- IT security professionals\n- Cybersecurity engineers and analysts\n- Anyone with prior knowledge of application security who wants to build their career in DevSecOps","contents_plain":"- Understanding DevOps Culture\n- Introduction to DevSecOps\n- DevSecOps Pipeline\u2014Plan Stage\n- DevSecOps Pipeline\u2014Code Stage\n- DevSecOps Pipeline\u2014Build and Test Stage\n- DevSecOps Pipeline\u2014Release and Deploy Stage\n- DevSecOps Pipeline\u2014Operate and Monitor Stage","skill_level":"Expert","version":"1.0","duration":{"unit":"d","value":3,"formatted":"3 jours"},"pricelist":{"List Price":{"DE":{"country":"DE","currency":"EUR","taxrate":19,"price":2950},"AT":{"country":"AT","currency":"EUR","taxrate":20,"price":2950},"SE":{"country":"SE","currency":"EUR","taxrate":25,"price":2950},"CH":{"country":"CH","currency":"CHF","taxrate":8.1,"price":3300},"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":2950},"IT":{"country":"IT","currency":"EUR","taxrate":20,"price":2950},"SI":{"country":"SI","currency":"EUR","taxrate":20,"price":2950}}},"lastchanged":"2025-10-06T10:17:28+02:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course-schedule\/32309","source_lang":"fr","source":"https:\/\/portal.flane.ch\/swisscom\/fr\/json-course\/ec-ecde"}}