DevSecOps Professional Datasheet v1.5 Detailed

Practical DevSecOps Datasheet

DevSecOps Professional Course

Course Objective
We have all heard about DevSecOps, Shifting Left and Rugged DevOps, but there are no clear examples or frameworks available for security professionals to implement in their organizations. This hands-on course teaches exactly that: the tools and techniques to embed security as part of the DevOps pipeline. We will learn how unicorns like Google, Facebook, Amazon and Etsy handle security at scale, and what we can learn from them to mature the security practices within our own programs.

In DevSecOps Professional training you will learn how to handle security at scale using DevSecOps practices. We will start with the basics of DevOps and DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration Management, Infrastructure as Code, etc.

68% of companies plan to use DevSecOps in the next two years. [1]

Practical DevSecOps is the world's first dedicated DevSecOps certification program.

Course Syllabus
The CDP course takes you through a series of stages and maturity levels to mature an organization into a DevSecOps shop. We will cover the following topics as part of the course.
1. Introduction to DevOps and DevSecOps
2. Introduction to the Tools of the trade
3. Secure SDLC and CI/CD pipeline
4. Software Component Analysis (SCA)
5. Static Analysis (SAST) in CI/CD pipeline
6. Dynamic Analysis (DAST) in CI/CD pipeline
7. Infrastructure as Code and its security
8. Compliance as Code
9. Vulnerability Management with custom tools

What will students learn?

The students will learn how to:
1. Create a culture of sharing and collaboration among the stakeholders.
2. Scale the security team's effort to reduce the attack surface.
3. Embed security as part of DevOps and CI/CD.
4. Start or mature your application security program using modern Secure SDLC practices.
5. Harden infrastructure using Infrastructure as Code and maintain compliance using Compliance as Code tools and techniques.
6. Consolidate and correlate vulnerabilities to scale false-positive analysis using automated tools.

[1] Security for DevOps - Enterprise Survey Report, September 2019

@PDevSecOps
facebook.com/pdevsecops
linkedin.com/company/pdevsecops
practical-devsecops.com
Who should take this course?

This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments, such as Security Professionals, Penetration Testers, IT managers, Developers and DevOps Engineers.

What will students be provided?

The students will be provided with:
1. Training manuals and lab guide.
2. Course videos and checklists.
3. Tools used during the course.
4. 30 days of online lab access.
5. CDP certification attempt.
6. Access to the dedicated course Slack channel.

Student Prerequisites

There are no required prerequisites to attend the course; however, students will benefit from having basic knowledge of Linux commands like ls, cd, mkdir, etc., and of application security practices like the OWASP Top 10.

Software and Hardware Requirements

Our lab is deployed on AWS, so you would need the following to connect to the lab environment.
1. Laptop with decent specs, at least 4GB of RAM and a modern CPU, to log in to our lab VPN.
2. Administrator access to install software like VirtualBox and a VPN client, and to change BIOS settings to enable virtualization.

Training Duration

2-4 days of instructor-led training with 30 days of online lab access.

Learn more

To learn more about our courses, certifications and pricing, contact our team or visit https://practical-devsecops.com/courses-and-certifications/

About Practical DevSecOps
Practical DevSecOps (a Hysn Technologies Inc company) offers vendor-neutral, practical, and hands-on DevSecOps training and certification programs for IT professionals. Our online training and certifications are focused on modern areas of information security, including DevOps Security, Cloud-Native Security, Cloud Security & Container Security. The certifications are achieved after rigorous tests (12-24 hour exams) of skill and are considered the most valuable in the information security field.

USA
201 Spear St #1100, San Francisco, CA 94105.
+1 (415) 800 4768
trainings@practical-devsecops.com

Singapore
531A Upper Cross Street #04-95 Hong Lim Complex 051531
+65 85042132
apac@practical-devsecops.com

India
Hyderabad, India
+91 81216 77008
apac@practical-devsecops.com

Copyright © 2019 Hysn Technologies, Inc. Practical DevSecOps, Hysn, and the Practical DevSecOps logo are trademarks or registered trademarks of Hysn Technologies, Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners.
Professional Course - Detailed Syllabus

Introduction to DevOps and DevSecOps

1. What is DevOps?
2. DevOps Building Blocks - People, Process and Technology.
3. DevOps Principles - Culture, Automation, Measurement and Sharing (CAMS).
4. Benefits of DevOps - Speed, Reliability, Availability, Scalability, Automation, Cost and Visibility.
5. What is Continuous Integration and Continuous Deployment?
   a. Continuous Integration to Continuous Delivery to Continuous Deployment.
   b. Continuous Delivery vs Continuous Deployment.
   c. General workflow of a CI/CD pipeline.
   d. Blue/Green deployment strategy.
   e. Achieving full automation.
   f. Designing a CI/CD pipeline for a web application.
6. Common challenges faced when applying DevOps principles.
7. Case studies on DevOps of cutting-edge technology at Facebook, Amazon, and Google.
8. Demo: A full enterprise-grade DevSecOps pipeline.

Introduction to the Tools of the trade

1. GitHub/GitLab/Bitbucket
2. Docker
3. Docker Registry
4. Ansible
5. Jenkins/Travis/GitLab CI/Bitbucket
6. Gauntlt
7. InSpec
8. Bandit/RetireJS/Nmap
9. Hands-On Labs: Use Vagrant to practice Infrastructure as Code.
10. Hands-On Labs: Building a CI pipeline using Jenkins/Travis and GitHub/Bitbucket.
11. Hands-On Labs: Use the above tools to create a complete CI/CD pipeline.
Secure SDLC and CI/CD pipeline

1. What is Secure SDLC?
2. Secure SDLC activities and security gates
   a. Security Requirements (Requirements)
   b. Threat Modelling (Design)
   c. Static Analysis and Secure by Default (Implementation)
   d. Dynamic Analysis (Testing)
   e. OS Hardening, Web/Application Hardening (Deploy)
   f. Security Monitoring/Compliance (Maintain)
3. DevSecOps Maturity Model (DSOMM)
   a. Maturity levels and the tasks involved
   b. The 4 axes in DSOMM
   c. How to go from Maturity Level 1 to Maturity Level 4
   d. Best practices for Maturity Level 1
   e. Considerations for Maturity Level 2
   f. Challenges in Maturity Level 3
   g. The dream of achieving Maturity Level 4
4. Using tools of the trade to do the above activities in CI/CD
5. Embedding security as part of the CI/CD pipeline
6. DevSecOps and challenges with Pentesting and Vulnerability Assessment
7. Hands-on: Create a CI/CD pipeline suitable for modern applications.
8. Hands-on: Manage the findings in a fully automated pipeline.

Software Component Analysis (SCA) in CI/CD pipeline

1. What is Software Component Analysis?
2. Software Component Analysis and its challenges.
3. What to look for in an SCA solution (free or commercial).
4. Embedding SCA tools like OWASP Dependency-Check, Safety, RetireJS, npm audit and Snyk into the pipeline.
5. Demo: using OWASP Dependency-Check to scan for third-party component vulnerabilities in a Java code base.
6. Hands-On Labs: using RetireJS and npm audit to scan for third-party component vulnerabilities in a JavaScript code base.
7. Hands-On Labs: using Safety/pip to scan for third-party component vulnerabilities in a Python code base.
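As an added illustration of what an SCA gate in the pipeline does (example code written for this page, not the course's lab material and not how Safety, npm audit or OWASP Dependency-Check are implemented), the following Python script resolves the pinned versions in a requirements file against a small advisory list and fails the build on high or critical hits. The package names, advisory identifiers and version ranges are fictitious and constructed for the example:

```python
"""Software Component Analysis against an advisory list, as a CI gate.

Added example for this page: not course material and not how Safety, npm audit or
OWASP Dependency-Check are implemented. The requirements file, the advisory database,
the package names and the advisory IDs are all constructed for the example.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    id: str
    package: str
    affected: str   # comma-separated version specifiers, e.g. ">=1.0,<1.4.2"
    severity: str
    fixed_in: str


@dataclass(frozen=True)
class Hit:
    advisory: str
    package: str
    version: str
    severity: str
    fixed_in: str


# Constructed advisory database with fictitious packages and identifiers.
ADVISORIES = [
    Advisory("ACME-2019-0001", "acme-http", ">=1.0,<1.4.2", "high", "1.4.2"),
    Advisory("ACME-2019-0002", "acme-auth", "<2.0", "critical", "2.0"),
    Advisory("ACME-2019-0003", "acme-logging", "==4.0.0", "medium", "4.0.1"),
]

# Constructed requirements.txt as it would be checked out in the pipeline.
SAMPLE_REQUIREMENTS = """\
# pinned application dependencies
acme-http==1.3.0
Acme_Auth==2.5.1
acme-crypto>=0.9      # a range, not a pin: the resolved version is unknown here
acme-logging==4.0.0
"""

REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|<|>)\s*([0-9][0-9.]*)")
SPEC_RE = re.compile(r"^(==|!=|<=|>=|<|>)\s*([0-9][0-9.]*)$")
OPS = {"==": lambda c: c == 0, "!=": lambda c: c != 0,
       "<": lambda c: c < 0, "<=": lambda c: c <= 0,
       ">": lambda c: c > 0, ">=": lambda c: c >= 0}


def canonical_name(name: str) -> str:
    """PEP 503 normalisation: Acme_Auth, acme.auth and acme-auth are one package."""
    return re.sub(r"[-_.]+", "-", name).lower()


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 for dotted numeric versions; missing components count as 0."""
    x = [int(p) for p in a.split(".")]
    y = [int(p) for p in b.split(".")]
    n = max(len(x), len(y))
    x += [0] * (n - len(x))
    y += [0] * (n - len(y))
    return (x > y) - (x < y)


def is_affected(version: str, spec: str) -> bool:
    """True when the version satisfies every clause of the advisory's range."""
    for clause in spec.split(","):
        m = SPEC_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        op, bound = m.groups()
        if not OPS[op](compare_versions(version, bound)):
            return False
    return True


def parse_requirements(text: str):
    """Return ({name: pinned_version}, [names that are not pinned with ==])."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = REQ_RE.match(line) if line else None
        if not m:
            continue
        name, op, version = m.groups()
        if op == "==":
            pinned[canonical_name(name)] = version
        else:
            unpinned.append(canonical_name(name))
    return pinned, unpinned


def scan(text: str, advisories=ADVISORIES):
    pinned, unpinned = parse_requirements(text)
    hits = [Hit(a.id, a.package, pinned[a.package], a.severity, a.fixed_in)
            for a in advisories
            if a.package in pinned and is_affected(pinned[a.package], a.affected)]
    return hits, unpinned


def gate(text: str, fail_on=("high", "critical")) -> int:
    """Non-zero blocks the build. Unpinned dependencies fail too: a range cannot be audited."""
    hits, unpinned = scan(text)
    return 1 if unpinned or any(h.severity in fail_on for h in hits) else 0


if __name__ == "__main__":
    for h in scan(SAMPLE_REQUIREMENTS)[0]:
        print(f"{h.package}=={h.version}: {h.advisory} ({h.severity}), fixed in {h.fixed_in}")
    raise SystemExit(gate(SAMPLE_REQUIREMENTS))
```

The two design points worth copying into a real pipeline are the name normalisation (otherwise an advisory for acme-auth silently misses Acme_Auth) and the explicit handling of unpinned dependencies, which a lockfile-less project cannot audit at all.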
SAST (Static Analysis) in CI/CD pipeline

1. What is Static Application Security Testing?
2. Static Analysis and its challenges.
3. Embedding SAST tools into the pipeline.
4. Secrets scanning to prevent secret exposure in the code.
5. Writing custom checks to catch secrets leakage in an organization.
6. Hands-On Labs: using SpotBugs to scan Java code.
7. Hands-On Labs: using TruffleHog/Gitrob to scan for secrets in the CI/CD pipeline.
8. Hands-On Labs: using Brakeman/Bandit to scan Ruby on Rails and Python code bases.
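The custom secrets check in item 5 can be as small as the following Python script, added here as an example (not course material and not TruffleHog or Gitrob code). It combines pattern rules for known credential formats with an entropy rule for opaque tokens, an allow-list for documented placeholder values, and a context rule that tunes out commit hashes and digests, the usual false positive of entropy scanning. The sample diff, rule names and thresholds are constructed assumptions:

```python
"""Custom secrets check suitable as a CI gate.

Added example for this page: not course material and not TruffleHog or Gitrob code.
It scans text (file contents or `git diff` output) with pattern rules for known
credential formats plus an entropy rule for opaque tokens. Rule names, thresholds,
the allow-list and the sample diff below are all assumptions made for the example.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    excerpt: str  # redacted so the report itself does not leak the secret


# Pattern rules: only the capture group is treated as the secret.
PATTERN_RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block", re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)")),
    # no \b before the keyword so that DB_PASSWORD = "..." is caught as well
    ("hardcoded-password", re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]([^'\"]{6,})['\"]")),
]

# Entropy rule for tokens no pattern knows about. Hex gets a lower bar because 16 symbols
# cap it at 4 bits/char; tokens shorter than about 23 characters cannot reach 4.5 bits
# at all and are left to the pattern rules.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
HEX_THRESHOLD, BASE64_THRESHOLD = 3.0, 4.5
# Commit ids and digests are the classic entropy false positive: tune them out by
# context instead of lowering the bar for everything.
CONTEXT_ALLOW_RE = re.compile(r"(?i)(sha|digest|checksum)")
# Documented placeholder values that must never block a build.
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}

# Constructed sample: lines of a diff as they would reach the check in CI.
SAMPLE_DIFF = """\
+DB_HOST = "db.internal"
+DB_PASSWORD = "s3cr3t-Passw0rd!"
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLE0000TESTS"
+# documented placeholder key, allow-listed in the check:
+DOCS_KEY = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "d41d8cd98f00b204e9800998ecf8427e"
+commit_sha = "3b1f7c2e9a4d6f8b0c1e2d3f4a5b6c7d8e9f0a1b"
+-----BEGIN RSA PRIVATE KEY-----
+def login(user, password): pass
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; 32 random-looking hex characters come out near 3.4."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def redact(secret: str) -> str:
    return f"{secret[:4]}...{secret[-2:]}" if len(secret) > 8 else "***"


def scan_text(text: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        matched = set()
        for rule, rx in PATTERN_RULES:
            for m in rx.finditer(line):
                secret = m.group(1)
                matched.add(secret)
                if secret not in ALLOWLIST:
                    findings.append(Finding(rule, line_no, redact(secret)))
        if CONTEXT_ALLOW_RE.search(line):
            continue  # skips the entropy rule only; pattern hits above still count
        for token in TOKEN_RE.findall(line):
            if token in matched or token in ALLOWLIST:
                continue
            is_hex = bool(HEX_RE.match(token))
            if shannon_entropy(token) > (HEX_THRESHOLD if is_hex else BASE64_THRESHOLD):
                rule = "high-entropy-hex" if is_hex else "high-entropy-token"
                findings.append(Finding(rule, line_no, redact(token)))
    return findings


def gate(text: str) -> int:
    """Exit status for the CI step: non-zero blocks the merge."""
    return 1 if scan_text(text) else 0


if __name__ == "__main__":
    for f in scan_text(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.rule} ({f.excerpt})")
    raise SystemExit(gate(SAMPLE_DIFF))
```

Run against the sample diff it reports the hardcoded password, the fabricated AWS key, the 32-character hex token and the private-key header, while the documented placeholder key and the commit hash pass. Redacting the excerpt matters: a secrets report that prints the secret in the build log has just leaked it to everyone who can read the log.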

DAST (Dynamic Analysis) in CI/CD pipeline

1. What is Dynamic Application Security Testing?
2. Dynamic Analysis and its challenges (session management, AJAX crawling).
3. Embedding DAST tools like ZAP and Burp Suite into the pipeline.
4. SSL/TLS misconfiguration testing.
5. Server misconfiguration testing, such as secret folders and files.
6. sqlmap testing for SQL Injection vulnerabilities.
7. Hands-On Labs: using ZAP to configure per-commit/weekly/monthly scans.
8. Demo: using Burp Suite to configure per-commit/weekly/monthly scans.

Infrastructure as Code and Its Security

1. What is Infrastructure as Code and what are its benefits?
2. Platform + Infrastructure Definition + Configuration Management.
3. Introduction to Ansible.
   a. Benefits of Ansible.
   b. Push- and pull-based configuration management systems.
   c. Modules, tasks, roles, and playbooks.
4. Tools and services which help to achieve IaC.
5. Hands-On Labs: Vagrant, Docker, and Ansible.
6. Hands-On Labs: Using Ansible to create golden images and harden infrastructure.
Compliance as Code

1. Different approaches to handling compliance requirements at DevOps scale.
2. Using configuration management to achieve compliance.
3. Managing compliance using InSpec/OpenSCAP at scale.
4. Hands-On Labs: Create an InSpec profile with compliance checks for your organization.
5. Hands-On Labs: Use an InSpec profile to scale compliance.

Vulnerability Management with custom tools

1. Approaches to managing the vulnerabilities in the organization.
2. Hands-On Labs: Using DefectDojo for vulnerability management.
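Consolidating and correlating findings, as item 6 under "What will students learn?" describes, comes down to a normalization and de-duplication step before anything reaches a tracker such as DefectDojo. The following Python example is added for this page (it is not course material and not DefectDojo code): it normalizes two constructed scanner reports with different schemas into one finding model, de-duplicates repeated reports of the same weakness at the same location, marks findings corroborated when a second tool reports the same CWE, and honours time-boxed false-positive suppressions. Both reports, their field names and the suppression list are constructed for the example:

```python
"""Consolidate and correlate scanner findings before they reach a tracker.

Added example for this page: not course material and not DefectDojo code. The two
scanner reports below use simplified, constructed schemas (one SAST-like, one
DAST-like); the suppression list is constructed as well.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(cwe: Optional[int], location: str) -> str:
    """Tool-independent identity: the same weakness at the same place, whoever reports it."""
    return hashlib.sha256(f"{cwe}|{location}".encode()).hexdigest()[:16]


@dataclass
class Finding:
    source: str            # scanner that reported it
    severity: str          # normalized to the SEVERITY_ORDER keys
    cwe: Optional[int]
    location: str          # file:line for SAST, url#param for DAST
    title: str
    seen_by: set = field(default_factory=set)  # tools reporting this CWE anywhere

    @property
    def fp(self) -> str:
        return fingerprint(self.cwe, self.location)


# Constructed SAST-style report: results[] with filename/line_number/issue_severity/issue_cwe.
SAST_REPORT = {"results": [
    {"filename": "app/db.py", "line_number": 42, "issue_severity": "HIGH",
     "issue_cwe": {"id": 89}, "issue_text": "Possible SQL injection via string formatting"},
    {"filename": "app/db.py", "line_number": 42, "issue_severity": "MEDIUM",  # same finding, second run
     "issue_cwe": {"id": 89}, "issue_text": "Possible SQL injection via string formatting"},
    {"filename": "app/config.py", "line_number": 7, "issue_severity": "LOW",
     "issue_cwe": {"id": 259}, "issue_text": "Possible hardcoded password"},
]}
# Constructed DAST-style report: alerts[] with url/param/risk/cweid.
DAST_REPORT = {"alerts": [
    {"url": "https://app.example/login", "param": "user", "risk": "High", "cweid": "89",
     "alert": "SQL Injection"},
    {"url": "https://app.example/", "param": "", "risk": "Medium", "cweid": "1021",
     "alert": "Missing anti-clickjacking header"},
]}
# Triaged false positives, keyed by fingerprint and time-boxed so they get re-reviewed.
SUPPRESSIONS = {
    fingerprint(259, "app/config.py:7"): {"reason": "test fixture, not a real credential",
                                          "expires": "2030-01-01"},
    fingerprint(1021, "https://app.example/#"): {"reason": "CSP frame-ancestors in place",
                                                 "expires": "2019-06-30"},
}


def normalize_sast(report: dict) -> list:
    return [Finding("sast", r["issue_severity"].lower(), r["issue_cwe"]["id"],
                    f"{r['filename']}:{r['line_number']}", r["issue_text"])
            for r in report["results"]]


def normalize_dast(report: dict) -> list:
    return [Finding("dast", a["risk"].lower(), int(a["cweid"]) if a.get("cweid") else None,
                    f"{a['url']}#{a['param']}", a["alert"])
            for a in report["alerts"]]


def consolidate(findings, suppressions, today: date) -> list:
    """De-duplicate by fingerprint, correlate by CWE across tools, apply live suppressions."""
    merged = {}
    for f in findings:
        kept = merged.get(f.fp)
        if kept is None:
            merged[f.fp] = f
        elif SEVERITY_ORDER[f.severity] > SEVERITY_ORDER[kept.severity]:
            kept.severity = f.severity   # duplicates collapse to the worst rating
    tools_per_cwe = defaultdict(set)
    for f in merged.values():
        tools_per_cwe[f.cwe].add(f.source)
    open_findings = []
    for f in merged.values():
        f.seen_by = set(tools_per_cwe[f.cwe])
        s = suppressions.get(f.fp)
        if s is not None and date.fromisoformat(s["expires"]) >= today:
            continue   # still inside the review window of a triaged false positive
        open_findings.append(f)
    # Findings corroborated by a second tool go to the top of the triage queue.
    open_findings.sort(key=lambda f: (-len(f.seen_by), -SEVERITY_ORDER[f.severity], f.location))
    return open_findings


def triage(today: date) -> list:
    return consolidate(normalize_sast(SAST_REPORT) + normalize_dast(DAST_REPORT), SUPPRESSIONS, today)


if __name__ == "__main__":
    for f in triage(date.today()):
        print(f"{f.severity:8} CWE-{f.cwe} {f.location} [{'+'.join(sorted(f.seen_by))}] {f.title}")
```

With the scan dated 1 September 2019 the duplicate SAST result collapses into one finding, the hardcoded-password finding stays suppressed, the expired clickjacking suppression re-opens, and the SQL injection reported by both tools lands at the top of the queue. Expiring suppressions is the part most home-grown trackers forget: a false positive accepted once should not stay silent forever.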
Professional Course - Certification Process

Exam and certification process

Our certifications are well recognized in the industry, as we ensure our students gain practical skills to implement DevSecOps. To ensure we deliver on our promise, we have a rigorous certification program.

The CDP exam is an online, task-oriented exam where you attempt to solve 5 challenges (tasks) in a span of 12 hours. The exam is based on the content covered in the course but might require further research to pass. Once the exam is done, you have 24 hours to send us the exam report at [email protected].

Please note, it is not an MCQ or memory-test type of exam; it tests the practical applicability of the content covered in the course.

Exam Pass percentage

The student needs to achieve at least 80 points (80%) to achieve the CDP certification.

Steps Involved

A typical certification flow involves 5 steps.

Step 1: The student schedules the exam at http://bit.ly/cdp-exam.
Step 2: We will send you details about the exam and challenges 30 minutes before the exam start time. Our instructors will be there to assist you if you face any difficulty while connecting to the exam lab.
Step 3: The student connects to the exam lab using the above details and attempts the exam.
Step 4: After the exam, the student will have 24 hours to send us the exam report along with solutions.
Step 5: The Practical DevSecOps team will evaluate the report and share the result (pass/fail) with the student.

Exam Challenges/tasks

The exam has 5 challenges; each of these challenges awards points based on how complete or partial your solution is. You would need to score 80 points out of 100 (80%) to achieve the CDP certification.

Exam documentation

After the exam, you have about 24 hours to send us the exam report at our email [email protected].