Course Outline
Understanding SDLC and Secure SDLC
SDLC Automation with Continuous Integration/Continuous Deployment (CI/CD) Methodology
SDLC Integration Using DevOps Methodologies
SDLC Automation, Integrations, and Security Enhancements Using DevSecOps
OWASP DevSecOps Tools
Threat Modeling Using OWASP Threat Dragon
SBOM Integration Using OWASP CycloneDX
Automating Vulnerability Checks Using OWASP Dependency Track
Vulnerability Lifecycle Management Using OWASP DefectDojo
Integrating Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) Tools into Software Pipelines
The course includes hands-on practice with industry-standard tools for secure SDLC and DevSecOps, such as:
- Threat Modeling: OWASP Threat Dragon
- Software Bill of Materials (SBOM): OWASP CycloneDX
- Vulnerability Scanning: OWASP Dependency Track
- Vulnerability Lifecycle Management: OWASP DefectDojo
- CI/CD Pipeline Tools: Jenkins, GitHub Actions, GitLab CI/CD
- Security Testing Tools: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) solutions
The course provides several key benefits, making it valuable for professionals looking to enhance their skills in secure software development:
Enhanced Security Knowledge – Gain expertise in integrating security within SDLC, DevOps, and CI/CD pipelines.
Hands-on Experience – Work with industry-leading OWASP tools for security automation and vulnerability management.
Career Growth – Secure SDLC and DevSecOps skills are in high demand, opening up new job opportunities.
Compliance and Risk Mitigation – Learn how to implement security controls that meet compliance standards like ISO 27001, NIST, and GDPR.
Process Efficiency – Automate security checks, reducing manual effort while improving application security.
Competitive Advantage – Organizations benefit from reducing vulnerabilities early in the software lifecycle, saving time and costs associated with late-stage security fixes.
This course is an ideal investment for professionals and businesses looking to build secure, resilient, and compliant software solutions for government.
Requirements
Participants should meet the following prerequisites to maximize their learning experience in this course:
- A foundational understanding of software development and SDLC concepts.
- Familiarity with DevOps methodologies and CI/CD pipelines.
- An overview of security principles and best practices.
- Some practical experience with cloud-based or local development environments is beneficial but not mandatory.
Participants are required to have the following accounts for hands-on labs and tool integrations:
- GitHub or GitLab (Free) – For CI/CD pipeline setup and DevSecOps automation.
- Cloud-based DevOps environment (optional) – Such as AWS, Azure, or GCP, if cloud deployment is covered.
- Docker (optional) – If local containerized development is used.
This course is designed for professionals involved in software development, security, and DevOps within the public sector, including:
- Software Developers – To integrate security into their development processes for government.
- DevOps Engineers – To automate and streamline security in CI/CD pipelines for government.
- Security Engineers – To implement and monitor secure DevOps practices for government.
- Application Security Professionals – To enhance security testing and vulnerability management for government.
- QA Engineers – To integrate security checks into automated testing frameworks for government.
- IT Managers & Architects – To design and oversee secure software delivery workflows for government.
Testimonials (1)
There were many practical exercises supervised and assisted by the trainer
