DevSecOps - Build and Release Secure Software Faster

AVG Duration16h


In todays climate of data breaches and hacks - security has never been more paramount, more so if you're building and deploying at high velocity your own enterprise applications online. Enter DevSecOps!

DevSecOps promotes security across every part of the DevOps software lifecycle. Starting with development and extending all the way through into operations, security becomes everyones responsibility, all of the time.


This Learning Path is your one-stop guide to mastering DevSecOps. When it comes to managing, maintaining, and automating security, you'll want access to the right security tools for the right jobs, those that ultimately ensure your enterprise applications remain secure. 

Learning Objectives

  • Deepen your knowledge of the DevSecOps workflow and mantra
  • Know which security tool to use and when to use it

Intended Audience

  • Anyone interested in learning about DevSecOps
  • Software Engineers and Developers
  • Operations and SREs


  • Basic understanding of DevOps
  • Basic understanding of software development
  • Basic understanding of the software development life cycle 

Content Outline

This Learning Path provides 16+ hours of instructional content delivered using both instructional video lectures and hands-on lab exercises.


Your certificate for this learning path

Training Content

Course - Intermediate - 1h 13m
DevOps Playbook Part 1
This course introduces you to the DevOps Playbook Part 1.
Course - Advanced - 50m
DevOps Playbook Part 2
This course introduces you to the DevOps Playbook Part 2.
Resource - Not defined - 10m
DevOps Glossary of Terms
This glossary provides an extensive list of terms related to the subject of DevOps.
Course - Beginner - 20m
1. Understanding Cyber Security
This course will introduce some of the core themes of cyber security, followed by two software simulations.
Hands-on Lab - Intermediate - 3h
Create a Jenkins CICD Pipeline with SonarQube Integration to perform Static Code Analysis
In this lab, you will launch a Jenkins and SonarQube CICD environment using Docker containers on a provided EC2 instance.
Hands-on Lab - Intermediate - 1h
Static Code Analysis Within CI/CD Pipelines
Integrate static code analysis within a three-stage AWS CodePipeline CI/CD pipeline to prevent vulnerabilities from making it into production in this Lab.
Hands-on Lab - Intermediate - 2h
Static Analysis and Alerting for Infrastructure as Code
Explore the benefits of static code analysis for infrastructure as code, specifically Terraform, and be alerted when the analysis detects an issue in this Lab.
Hands-on Lab - Intermediate - 1h 15m
Protect Your Code Against Attacks With Gauntlt
Learn how to use Gauntlt for security testing and protect your code against attacks with Guantlt by embedding it into a continuous integration pipeline.
Course - Intermediate - 1h 10m
Managing Infrastructure With Terraform
In this course, you'll learn about Terraform's core concepts including HashiCorp Configuration Language, providers, resources, and state.
Course - Intermediate - 17m
Infrastructure to Code with Terraformer
This course explores the Go-written tool “Terraformer” — a CLI level tool that allows you to easily Terraform already existing resources in your environment.
Hands-on Lab - Advanced - 40m
Testing Terraform Code with Terratest
Develop a test to validate a Terraform module using Terratest, a popular Golang library for testing Terraform code.
Course - Intermediate - 1h 8m
Administering Kubernetes Clusters
This Administering Kubernetes Clusters course covers the many networking and scheduling objectives of the Certified Kubernetes Administrator (CKA) exam curriculum.
Course - Intermediate - 47m
Kubernetes Patterns for Application Developers
This course covers many of the configuration, multi-container pods, and services & networking objectives of the Certified Kubernetes Application Developer (CKAD) exam curriculum.
Hands-on Lab - Beginner - 1h 30m
Create Kubernetes Layer-7 Network Policies using Cilium CNI
This lab is designed to show you how to install and setup Kubernetes layer-7 Network Policies using Cilium.
Hands-on Lab - Intermediate - 1h 15m
Configure Traffic Routing Using Istio
Istio's traffic routing rules let you easily control the flow of traffic and API calls to and from deployed cluster resources. Learn how to use Istio to perform traffic routing to a pair of sample web applications, V1 and V2, deployed within a Kubernetes cluster.
Hands-on Lab - Intermediate - 2h 30m
Monitoring K8s with the Kubernetes Dashboard, Prometheus, and Grafana
In this hands-on lab, you'll learn how to set up an effective monitoring solution using the Kubernetes Dashboard, Prometheus, and Grafana.
Resource - Not defined - 10m
OWASP Top 10: Security Misconfiguration
Resource - Not defined - 15m
OWASP Top 10 Cheat Sheet
An introduction to the Open Web Application Security Project (OWASP) list of the top 10 most critical risks to web applications
Hands-on Lab - Intermediate - 1h
OWASP Exercises: SQL Injection
This lab shows how to manage the security level of a DVWA application and how to perform a SQL injection to a DVWA application.
Hands-on Lab - Intermediate - 1h
OWASP Exercises: Cross-Site Scripting Attack
In this lab, you'll learn how to navigate through DVWA to perform an XSS attack to retrieve a session cookie.
Hands-on Lab - Intermediate - 1h
OWASP Exercises: Exploiting the Heartbleed Bug
In this lab, you'll perform the Heartbleed attack using the MetaSploit Framework in order to dump the contents of a vulnerable webserver using an unpatched version of OpenSSL.
Course - Intermediate - 1h 44m
HashiCorp Vault
This course will enable you to recognize, explain, and implement the services and functions provided by the HashiCorp Vault service.
Hands-on Lab - Intermediate - 45m
Configuring Vault to Use LDAP Authentication
Learn how to configure Vault to use your organization's LDAP identities and groups for authentication without duplicating usernames, passwords, or memberships.
Exam - 30m
Final Exam - DevSecOps
Final Exam - DevSecOps
About the Author
Learning paths179

Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).