1 - Why learn DevSecOps?
2 - Pre-Requisites of Bootcamp
3 - DevSecOps Bootcamp Curriculum Overview
4 - Support and Other Bootcamp Materials
5 - Certified DevSecOps Practitioner - Applying for Digital Badge
1 - Introduction to Security (1 - Security Essentials)
2 - Importance of Security & Impact of Security Breaches
3 - How to Secure Systems Against Attacks
4 - Types of Security Attacks - Part 1
5 - Types of Security Attacks - Part 2
6 - OWASP top 10 - Part 1
7 - OWASP top 10 - Part 2
8 - Security in Layers
1 - Issues with Traditional Approach to Security (2 - Introduction to DevSecOps)
2 - Understand DevSecOps
3 - Roles & Responsibilities in DevSecOps
1 - Build a Continuous Integration Pipeline (3 - Application Vulnerability Scanning)
2 - Impact of Missing Security Insights
3 - Secret Scanning with GitLeaks - Local Environment
4 - Pre-commit Hook for Secret Scanning & Integrating GitLeaks in CI Pipeline
5 - False Positives & Fixing Security Vulnerabilities
6 - Integrate SAST Scans in Release Pipeline
1 - Generate Security Scanning Reports (4 - Vulnerability Management and Remediation)
2 - Introduction to DefectDojo, Managing Security Findings, CWEs
3 - Automate Uploading Security Scan Results to DefectDojo
4 - Fix Security Issues Discovered in the DevSecOps Pipeline
1 - Software Composition Analysis - Security Issues in Application Dependencies (5 - Vulnerability Scanning for Application Dependencies)
2 - Import SCA Scan Reports in DefectDojo, Fixing SCA Findings, CVEs
3 - Overview of Static Security Scans in CI Pipeline
1 - Overview of a CICD Pipeline (6 - Build a CD Pipeline)
2 - Introduction to Security Layers for AWS Access
3 - Integrate CICD Pipeline with AWS ECR
4 - Configure Application Deployment Environment on EC2 Server
5 - Deploy Application to EC2 Server with Release Pipeline
6 - Configure Self-Managed GitLab Runner for Pipeline Jobs
7 - Build Application Images on Self-Managed Runner, Leverage Docker Caching
1 - Overview of Image Security (7 - Image Scanning - Build Secure Docker Images)
2 - Configure Automated Security Scanning in Application Image
3 - Analyze & Fix Security Issues from Findings in Application Image
4 - Automate Uploading Image Scanning Results in DefectDojo
5 - Docker Security Best Practices
6 - Configure Automated Image Security Scanning in ECR Image Repository
7 - Overview of Automated Application Code and Image Scanning Steps
1 - AWS Security Essentials (8 - AWS Cloud Security & Access Management)
2 - Understand AWS Access Management using IAM Service
3 - Securing AWS Root User Account
4 - IAM Users, Groups & Policies
5 - Secure Access from CICD Pipeline to AWS
6 - Understand Importance of IAM Roles in AWS Cloud Security
7 - Overview of IAM Resources & Secure Access Management in AWS
1 - Security Essentials for Accessing Deployment Server (9 - Secure Continuous Deployment & DAST)
2 - Configure AWS Systems Manager for EC2 Server
3 - AWS SSM Commands in Release Pipeline for Server Access
4 - Secure Continuous Deployment to Server using SSM
5 - Secure Access to AWS with IAM Roles & Short-Lived Credentials
6 - Overview of AWS Security Measures and Continuous Security Improvements
7 - Understand Dynamic Application Security Testing (DAST)
8 - Configure Automated DAST Scans in CICD Pipeline
9 - Overview of Complete DevSecOps Pipeline with Static and Dynamic Security Scans
1 - Understand Impact of IaC in Security & DevSecOps (10 - IaC and GitOps for DevSecOps)
2 - Terraform Script for AWS Infrastructure Provisioning
3 - Replace Manually Created Infrastructure with Automatically Provisioned Resources
4 - Build CICD Pipeline for Infrastructure Code using GitOps Principles
5 - Configure Remote State for Terraform
6 - Add Automated Security Scan to TF Infrastructure Code
7 - Understand IaC Concept Cattle vs Pets
1 - Understand Need for Logging and Monitoring in Security (11 - Logging & Monitoring for Security)
2 - Introduction to CloudTrail and CloudWatch
3 - CloudTrail Event History
4 - Configure Multi-Region Trail in CloudTrail & Forward Logs to CloudWatch
5 - Create CloudWatch Alarm for EC2 Instance
6 - Create Custom Metric Filter for Failed Login Metrics
7 - Configure Alarm for Failed Login Attempts
8 - Configure AWS Budgets for Monthly Usage Costs
9 - Complete Bootcamp Part 1 - Next Steps


PDF
01 - Security Essentials
02 - Intro to DevSecOps
03 - App Vulnerability Scanning
04 - Vulnerability Management
05 - Vulnerability Scanning for App Dependencies
06 - Set up CD Pipeline
07 - Image Scanning
08 - AWS Cloud Security and Access Management
09 - Secure Continuous Deployment & DAST
10 - IaC and GitOps for DevSecOps
11 - Logging & Monitoring for Security