Comprehensive DevSecOps Training

DevSecOps Training Curriculum

Click each topic heading to view details.

2. Linux

• Introduction to Basic Commands
• Managing Files and Directories
• Permissions in Linux
• Package Management
• User and Group Management
• Text Editor
• File System Hierarchy
• Disk Management
• SSH, SCP, WGET and CURL commands usage
• Linux Firewall
• Linux Networking tools and protocols
• awk and sed command usage with examples

3. Git and GitHub

• Introduction to Git and GitHub
• Git Basics
• Branching strategy
• Working with Remote repositories
• Pull request best practices
• Secrets management with GitHub

4. Jenkins and GitHub Actions

• Introduction to Jenkins
• Installation and Configuration
• Plugins usage
• Pipelines creation as Code
• GitHub Actions Introduction
• Workflow creations
• CI/CD best practices
• Integrating Security Scans in CI/CD pipelines

5. Docker

• Monolith vs Microservices
• Cgroups vs Namespaces
• Docker Architecture
• Installation of Docker
• Docker Basic commands
• Image creation using Dockerfile
• Docker Volumes
• Docker Networking
• Docker Multistage builds
• Docker Compose
• Docker Registry
• Docker Security Best Practices
• Build an python application with sample database
• Analyzing logs for the containers

6. Kubernetes

• K8s Architecture
• Installation with kubeadm on AWS
• Kubectl and Kubeconfig
• Labels & Selector
• ReplicaSets
• Deployments
• Pods
• Multi-container pods
• Rolling updates and Rollbacks
• StatefulSets
• DaemonSets
• Namespaces
• Services
• Volumes
• Ingress
• NodeAffinity - AntiAffinity
• PodAffinity-AntiAffinity
• Taints-Tolerations
• Jobs-cronjobs
• Request limits
• ConfigMaps and Secrets
• RBAC and Service account
• Network policies
• Kustomize – Kubernetes Native Configuration Customization
• Helm - Package Manager for Kubernetes
• API Gateway
• Istio and Service Mesh

7. Amazon Web Services (AWS)

• AWS Console walkthrough
• Networking fundamentals
• VPC (Virtual Private Cloud)
• Public vs Private Subnets
• Internet Gateway
• NAT Gateway
• NACL (Network Access Control List)
• Elastic Cloud Compute (EC2)
• Security Group
• Elastic Block Storage (EBS)
• EBS Snapshots
• Amazon Machine Image (AMI)
• Simple Storage Service (S3)
• Identity and Access Management (IAM)
• Loadbalancer types and Autoscaling
• Relational Database Service (RDS)
• Route 53
• CloudWatch
• CloudTrail
• Lambda
• API Gateway
• Elastic Container Registry (ECR)
• Elastic Container Service (ECS)
• Elastic Kubernetes Service (EKS)

8. Infrastructure as Code Terraform

• Introduction to Infrastructure as Code
• Overview to Terraform
• Installation of AWS config
• Making use of Terraform Official Documentation
• Authentication and Authorization
• Terraform and Provider version best practices
• Terraform Cloud usage with Dynamic credentials
• Launch EC2 with Terraform
• Resources and providers
• Security Groups, EIP, IAM
• Output Values
• Plan VS Apply vs Destroy
• Attributes and variable
• Data Types [List, map, Set etc.]
• Meta Arguments, count, count index
• Locals, Data sources
• Load Order and Semantics
• Dynamic Blocks
• Lifecycle Meta-Arguments
• Provisioners [Local and Remote Exec]
• Modules, Workspace
• Remote State Files Management and State locking

9. Observability

• ELK Stack
• Prometheus
• Grafana dashboard

10. GitOps - Continuous Kubernetes Deployments

• Introduction to GitOps methodology
• Argo CD - Kubernetes-native GitOps Continuous Delivery tool
• Features and architecture of Argo CD
• How Argo CD synchronizes Git repositories to Kubernetes clusters
• Using Argo CD CLI and Web UI
• Multi-cluster and multi-team support with Argo CD

11. Scripting

• Bash Introduction
• Scenarious where bash scripting useful
• Python Basics
• Real time usage of Python scripts

12. Security in DevSecOps

• Introduction to Application Security
• OWASP Top 10 Vulnerabilities
• Static Application Security Testing (SAST) tools (SonarQube, Checkmarx)
• Software Composition Analysis (SCA) tools (Snyk, Dependabot)
• Container Security (Aqua, Trivy)
• Kubernetes Security (Kube-bench, Kube-hunter)
• Infrastructure as Code (IaC) Security (Checkov, TFSec)
• Integrating security tools into CI/CD pipelines
• Best practices for secure coding and DevSecOps culture

Testimonials

Submit Your Testimonial

Contact Us

For inquiries or to enroll, email us at traindevsecops@gmail.com or fill out the form below: