Overview
The Secure DevOps Practitioner Learning Path includes a variety of security courses designed for those
who work closely with Software Engineers to help them deploy and operate various systems. The curriculum provides teams with a solid foundation of security features necessary to automate and streamline operations and processes while keeping security top of mind. Learners will apply best practices to develop new features and write scripts across various technologies.
Courses
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 101 – Fundamentals of Secure Architecture
- DES 151 – Fundamentals of the PCI Secure SLC Standard
- ENG 123 – Essential Security Engineering Principles
- ENG 124 – Essential Application Protection
- ENG 125 – Essential Data Protection
- TST 101 – Fundamentals of Security Testing
Overview
The Secure DevOps Practitioner Learning Path includes a variety of security courses designed for those
who work closely with Software Engineers to help them deploy and operate various systems. The curriculum provides teams with a solid foundation of security features necessary to automate and streamline operations and processes while keeping security top of mind. Learners will apply best practices to develop new features and write scripts across various technologies.
Courses
- API 210 – Mitigating APIs Lack of Resources & Rate Limiting
- API 211 – Mitigating APIs Broken Object Level Authorization
- API 213 – Mitigating APIs Mass Assignment
- API 214 – Mitigating APIs Improper Asset Management
- API 250 – Controlling Access to the Kubernetes API
- COD 252 – Securing Google Platform Applications & Data
- CYB 211 – Identifying and Protecting Assets Against Ransomware
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 209 – Authentication and Lifecycle Management
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 261 – Securing Serverless Environments
- DSO 201 – Fundamentals of Secure DevOps
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- DSO 212 – Fundamentals of Zero Trust Security
- DSO 253 – DevSecOps in the AWS Cloud
- DSO 254 – DevSecOps in the Azure Cloud
- DSO 256 – DevSecOps in the Google Cloud Platform
- ENG 205 – Fundamentals of Threat Modeling
- ENG 251 – Risk Management Foundations
- LAB 101 – Identifying Broken Access Control Vulnerabilities
- LAB 102 – Identifying Broken Object-Level Authorization Vulnerabilities
- LAB 103 – Identifying Broken User Authentication Vulnerabilities
- LAB 104 – Identifying Business Logic Flaw Vulnerabilities
- LAB 105 – Identifying Credential Dumping: Vulnerability Identification
- LAB 106 – Identifying Cross-Site Scripting Vulnerabilities
- LAB 107 – Identifying Injection Vulnerabilities
- LAB 108 – Identifying Reverse Engineering Vulnerabilities
- LAB 109 – Identifying Security Misconfiguration Vulnerabilities
- LAB 110 – Identifying Sensitive Data Exposure Vulnerability Identification
- LAB 114 – Identifying Cookie Tampering
- LAB 115 – Identifying Reflective XSS
- LAB 116 – Identifying Forceful Browsing
- LAB 117 – Identifying Hidden Form Field
- LAB 118 – Identifying Weak File Upload Validation
- LAB 119 – Identifying Persistent XSS
- LAB 120 – Identifying XML Injection
- TST 202 – Penetration Testing Fundamentals
- TST 205 – Performing Vulnerability Scans
- TST 206 – ASVS Requirements for Developers
Overview
The Secure DevOps Practitioner Learning Path includes a variety of security courses designed for those
who work closely with Software Engineers to help them deploy and operate various systems. The curriculum provides teams with a solid foundation of security features necessary to automate and streamline operations and processes while keeping security top of mind. Learners will apply best practices to develop new features and write scripts across various technologies.
Courses
- CYB 310 – Using Cyber Supply Chain Risk Management (C-SCRM) to Mitigate Threats to IT/OT (NEW)
- CYB 311 – Threat Analysis with AI (NEW)
- DES 313 – Hardening a Kubernetes Cluster
- DES 314 – Hardening the Docker Engine
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 302 – Automated Security Testing
- DSO 303 – Automating Security Updates
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- DSO 306 – Implementing Infrastructure as Code
- DSO 307 – Secure Secrets Management
- ENG 312 – How to Perform a Security Code Review
- ENG 351 – Preparing the Risk Management Framework
Overview
Learning Path Details
Number of Courses: 54
Number of Labs: 17
Total Duration: 20 hours
Total CPE Credits: 24