EC-Council Certified DevSecOps Engineer

EC-Council Certified DevSecOps EngineerECDEECEC-CouncilEC-ECDE1.0<ul> <li>Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.</li><li>Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.</li><li>Integrate Eclipse and GitHub with Jenkins to build applications.</li><li>Align security practices like security requirement gathering, threat modeling, and secure code reviews with development workflows.</li><li>Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI/CD pipeline.</li><li>Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).</li><li>Integrate runtime application selfprotection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.</li><li>Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.</li><li>Implement tools like the JFrog IDE plugin and the Codacy platform.</li><li>Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.</li><li>Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.</li><li>Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.</li><li>Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines.</li><li>Use AWS and Azure tools to secure applications.</li><li>Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.</li><li>Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.</li><li>Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.</li><li>Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.</li><li>Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.</li><li>Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).</li><li>Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.</li><li>Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.</li></ul><p>Students should have an understanding of application security concepts.</p><ul> <li>C|ASE-certified professionals</li><li>Application security professionals</li><li>DevOps engineers</li><li>Software engineers and testers</li><li>IT security professionals</li><li>Cybersecurity engineers and analysts</li><li>Anyone with prior knowledge of application security who wants to build their career in DevSecOps</li></ul><ul> <li>Understanding DevOps Culture</li><li>Introduction to DevSecOps</li><li>DevSecOps Pipeline—Plan Stage</li><li>DevSecOps Pipeline—Code Stage</li><li>DevSecOps Pipeline—Build and Test Stage</li><li>DevSecOps Pipeline—Release and Deploy Stage</li><li>DevSecOps Pipeline—Operate and Monitor Stage</li></ul>- Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams. - Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines. - Integrate Eclipse and GitHub with Jenkins to build applications. - Align security practices like security requirement gathering, threat modeling, and secure code reviews with development workflows. - Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI/CD pipeline. - Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt). - Integrate runtime application selfprotection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities. - Integrate SonarLint with the Eclipse and Visual Studio Code IDEs. - Implement tools like the JFrog IDE plugin and the Codacy platform. - Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub. - Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle. - Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely. - Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines. - Use AWS and Azure tools to secure applications. - Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks. - Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef. - Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios. - Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system. - Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production. - Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov). - Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications. - Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.Students should have an understanding of application security concepts.- C|ASE-certified professionals - Application security professionals - DevOps engineers - Software engineers and testers - IT security professionals - Cybersecurity engineers and analysts - Anyone with prior knowledge of application security who wants to build their career in DevSecOps- Understanding DevOps Culture - Introduction to DevSecOps - DevSecOps Pipeline—Plan Stage - DevSecOps Pipeline—Code Stage - DevSecOps Pipeline—Build and Test Stage - DevSecOps Pipeline—Release and Deploy Stage - DevSecOps Pipeline—Operate and Monitor Stage3 jours2950.002950.002950.003300.002950.002950.002950.00