Course Outline
Understanding SDLC and Secure SDLC
Automating SDLC with Continuous Delivery/Continuous Deployment (CD/CD) Methodology
Integrating SDLC Using DevOps Methodologies
Automating, Integrating, and Securing SDLC Using DevSecOps
OWASP DevSecOps Tools
Threat Modeling with OWASP Threat Dragon
SBOM Integration Using OWASP CycloneDX
Automating Vulnerability Checks Using OWASP Dependency Track
Vulnerability Lifecycle Management Using OWASP DefectDojo
Integrating Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) Tools into Software Pipelines
The course includes hands-on practice with industry-standard tools for secure SDLC and DevSecOps, such as:
- Threat Modeling: OWASP Threat Dragon
- Software Bill of Materials (SBOM): OWASP CycloneDX
- Vulnerability Scanning: OWASP Dependency Track
- Vulnerability Lifecycle Management: OWASP DefectDojo
- CI/CD Pipeline Tools: Jenkins, GitHub Actions, GitLab CI/CD
- Security Testing Tools: SAST and DAST solutions
The course provides several key benefits, making it valuable for professionals looking to enhance their skills in secure software development for government:
- Enhanced Security Knowledge – Gain expertise in integrating security within SDLC, DevOps, and CI/CD pipelines.
- Hands-on Experience – Work with industry-leading OWASP tools for security automation and vulnerability management.
- Career Growth – Secure SDLC and DevSecOps skills are in high demand, opening up new job opportunities for government professionals.
- Compliance and Risk Mitigation – Learn how to implement security controls that meet compliance standards such as ISO 27001, NIST, and GDPR for government operations.
- Process Efficiency – Automate security checks, reducing manual effort while improving application security in government systems.
- Competitive Advantage – Organizations benefit from reducing vulnerabilities early in the software lifecycle, saving time and costs associated with late-stage security fixes, particularly in the public sector.
This course is an ideal investment for professionals and businesses looking to build secure, resilient, and compliant software solutions for government operations.
Requirements
Participants should have the following prerequisites to maximize their learning experience in this course:
- A basic understanding of software development and SDLC concepts.
- Familiarity with DevOps methodologies and CI/CD pipelines.
- General knowledge of security principles and best practices.
- Some hands-on experience with cloud-based or local development environments is beneficial but not mandatory.
Participants are required to have the following accounts for hands-on labs and tool integrations:
- GitHub or GitLab (Free) – For CI/CD pipeline setup and DevSecOps automation.
- Cloud-based DevOps environment (optional) – Such as AWS, Azure, or GCP, if cloud deployment is covered.
- Docker (optional) – If local containerized development is used.
This course is designed for professionals involved in software development, security, and DevOps, including:
- Software Developers – To integrate security into their development process.
- DevOps Engineers – To automate and streamline security in CI/CD pipelines.
- Security Engineers – To implement and monitor secure DevOps practices.
- Application Security Professionals – To enhance security testing and vulnerability management.
- QA Engineers – To integrate security checks into automated testing frameworks.
- IT Managers & Architects – To design and oversee secure software delivery workflows for government.
Testimonials (1)
There were many practical exercises supervised and assisted by the trainer