DevSecOps

Hands-on DevSecOps Course

DevSecOps is an approach to integrating security into the software development and deployment processes. In today's world, where development speed is critically important, security should not be an obstacle but should be built into every stage of the development lifecycle.

In this course you'll learn the fundamentals of security in the software development lifecycle (SDLC) and find out how to integrate security checks at all stages of development. You'll get acquainted with static application security testing (SAST) methods for automatically detecting vulnerabilities and dynamic analysis (DAST) for testing the security of running applications.

You'll learn to secure containers, scan images for vulnerabilities, and protect containerized applications from threats. You'll study Web Application Firewall (WAF) for protecting web applications from various types of attacks and master Network Policy in Kubernetes for managing network traffic.

An important part of the course will be studying VPN technologies and securing the local host. You'll master the principle of least privilege for controlling access and managing permissions of users and services.

At the end of the course you'll study the OWASP Top 10 - the main web application vulnerabilities and methods to address them. You'll gain practical skills in working with security tools and learn to integrate them into a CI/CD pipeline to automate security checks.

The course is built on practical tasks that will allow you not only to learn the theory but also to gain real experience working with security tools. After completing the course, you'll be able to independently implement security practices in development processes and create more secure applications.

Step-by-step instructions

Progressing from simple to complex, following instructions step by step with a detailed description of the result

Automatic validation

After completing each task, you can check your solution right away without contacting an instructor

Ask a question anytime

Feedback from the course author at every step. A list of the most common questions with answers

Trained AI assistant

Available 24x7 to answer all your questions, conduct a technical interview, and provide a list of common questions on the topic

Hands-on tasks (11 lessons)

FAQ

What do I get after completing the course?

• An understanding of security principles in DevOps
• Skills in integrating security into the CI/CD pipeline
• The ability to perform static and dynamic code analysis
• Knowledge of container and orchestration security
• Experience working with WAFs and network policies
• An understanding of the principle of least privilege
• Knowledge of the OWASP Top 10 and protection methods
• Practical skills for securing applications

Who is this course for?

For DevOps engineers, developers, system administrators and information security specialists who want to integrate security into the development and deployment processes.

How does automatic validation of a task work?

A dedicated algorithm checks that security tools are configured correctly, that the WAF and network policy configurations are valid and that the result meets the task requirements

What baseline knowledge do I need to complete the tasks?

Basic knowledge of DevOps practices, an understanding of CI/CD processes, experience working with containers and basic knowledge of networking technologies

How long is this course expected to take?

The estimated time to complete this course is 12-18 hours. There are no fixed schedules; you learn at your own pace and always continue from where you left off.

If I can't find an answer to my question, will you help?

We will! If something is unclear at any step, just ask. If some information is missing altogether, ask as well. We may add a new section.

Can I skip some tasks and jump straight to an arbitrary one?

Yes, you can. However, keep in mind that some tasks depend on one or more previous ones. In that case, you need to complete those first.

How is this different from similar courses on well-known educational platforms?

To begin with, this is not a classic course but a hands-on practicum. Theory is given in the context of tasks. You'll gain real experience integrating security into DevOps processes, not just theoretical knowledge.