DevSecOps - Build and Release Secure Software Faster
Description
In todays climate of data breaches and hacks - security has never been more paramount, more so if you're building and deploying at high velocity your own enterprise applications online. Enter DevSecOps!
DevSecOps promotes security across every part of the DevOps software lifecycle. Starting with development and extending all the way through into operations, security becomes everyones responsibility, all of the time.

This Learning Path is your one-stop guide to mastering DevSecOps. When it comes to managing, maintaining, and automating security, you'll want access to the right security tools for the right jobs, those that ultimately ensure your enterprise applications remain secure.
Learning Objectives
- Deepen your knowledge of the DevSecOps workflow and mantra
- Know which security tool to use and when to use it
Intended Audience
- Anyone interested in learning about DevSecOps
- Software Engineers and Developers
- Operations and SREs
Prerequisites
- Basic understanding of DevOps
- Basic understanding of software development
- Basic understanding of the software development life cycle
Content Outline
This Learning Path provides 16+ hours of instructional content delivered using both instructional video lectures and hands-on lab exercises.
Certificate

Learning Path Steps
This course introduces you to the DevOps Playbook Part 1.
This course introduces you to the DevOps Playbook Part 2.
This glossary provides an extensive list of terms related to the subject of DevOps.
This course will introduce some of the core themes of cyber security, followed by two software simulations.
In this lab, you will launch a Jenkins and SonarQube CICD environment using Docker containers on a provided EC2 instance.
Integrate static code analysis within a three-stage AWS CodePipeline CI/CD pipeline to prevent vulnerabilities from making it into production in this Lab.
Explore the benefits of static code analysis for infrastructure as code, specifically Terraform, and be alerted when the analysis detects an issue in this Lab.
Learn how to use Gauntlt for security testing and protect your code against attacks with Guantlt by embedding it into a continuous integration pipeline.
In this course, you'll learn about Terraform's core concepts including HashiCorp Configuration Language, providers, resources, and state.
This course explores the Go-written tool “Terraformer” — a CLI level tool that allows you to easily Terraform already existing resources in your environment.
Develop a test to validate a Terraform module using Terratest, a popular Golang library for testing Terraform code.
This Administering Kubernetes Clusters course covers the many networking and scheduling objectives of the Certified Kubernetes Administrator (CKA) exam curriculum.
This course covers many of the configuration, multi-container pods, and services & networking objectives of the Certified Kubernetes Application Developer (CKAD) exam curriculum.
This lab is designed to show you how to install and setup Kubernetes layer-7 Network Policies using Cilium.
Istio's traffic routing rules let you easily control the flow of traffic and API calls to and from deployed cluster resources. Learn how to use Istio to perform traffic routing to a pair of sample web applications, V1 and V2, deployed within a Kubernetes cl...
In this hands-on lab, you'll learn how to set up an effective monitoring solution using the Kubernetes Dashboard, Prometheus, and Grafana.
An introduction to the Open Web Application Security Project (OWASP) list of the top 10 most critical risks to web applications
This lab shows how to manage the security level of a DVWA application and how to perform a SQL injection to a DVWA application.
In this lab, you'll learn how to navigate through DVWA to perform an XSS attack to retrieve a session cookie.
In this lab, you'll perform the Heartbleed attack using the MetaSploit Framework in order to dump the contents of a vulnerable webserver using an unpatched version of OpenSSL.
This course will enable you to recognize, explain, and implement the services and functions provided by the HashiCorp Vault service.
Learn how to configure Vault to use your organization's LDAP identities and groups for authentication without duplicating usernames, passwords, or memberships.
Jeremy is the DevOps Content Lead at Cloud Academy where he specializes in developing technical training documentation for DevOps.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 20+ years. In recent times, Jeremy has been focused on DevOps, Cloud, Security, and Machine Learning.
Jeremy holds professional certifications for both the AWS and GCP cloud platforms.