DevSecOps

سید سجاد میرصانع

• متوسط
• مسیر آبی
• ۱۰ درس

دربارۀ این دوره

مخاطبان

• مهندسان DevOps و مهندسان امنیت
• توسعه‌دهندگان نرم‌افزاری که به نوشتن کد ایمن و مدیریت آسیب‌پذیری نیاز دارند.
• آزمونگران نفوذ که به دنبال توسعۀ تست امنیتی DevSecOps هستند.
• مهندسان ابری که به ایمن‌سازی استقرارهای مبتنی‌بر ابر نیاز دارند.
• مدیران فناوری اطلاعات که امنیت را در محیط‌های CI/CD و ابر، مدیریت می‌کنند.

پیش‌نیازها

• دانش اولیۀ DevOps و CI/CD
• آشنایی با خط فرمان لینوکس و اسکریپت‌نویسی
• اصول اولیۀ شبکه و امنیت وب
• آشنایی با Git و کنترل نسخه
• مهارت‌های اولیۀ برنامه‌نویسی (Python ،Bash یا مشابه)

• Introduction to DevSecOps
  • What is DevSecOps?
  • Difference between DevOps and DevSecOps
  • Why Security is Important in DevOps?
  • DevSecOps Principles and Best Practices
• Secure Software Development Lifecycle (SDLC)
  • Understanding SDLC and SSDLC
  • Secure Coding Practices
  • OWASP Top 10 Security Risks
  • Threat Modeling in Software Development
• Security in CI/CD Pipelines
  • Introduction to CI/CD Pipeline Security
  • Source Code Security
  • Secure Version Control (Git security best practices)
  • Code Review and Secure Commit Strategies
  • CI/CD Security Best Practices
  • Secrets Management in CI/CD
  • Build Environment Hardening
  • Secure Artifact Storage
  • Automated Security Testing
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Composition Analysis (SCA)
• Identity and Access Management (IAM)
  • Authentication and Authorization
  • Role-Based Access Control (RBAC) & Attribute-Based Access Control (ABAC)
  • Secure Secrets Management (Vault, AWS Secrets Manager, Azure Key Vault)
  • Implementing Least Privilege Access
• Infrastructure and Cloud Security
  • Introduction to Infrastructure as Code (IaC) Security
  • Secure Deployment Strategies
  • Cloud Security Best Practices
  • AWS, Azure, GCP Security Hardening
  • Identity and Permissions Management in Cloud
  • Cloud Compliance Standards (CIS, NIST, ISO 27001)
• Container and Kubernetes Security
  • Introduction to Container Security
  • Docker Security Best Practices
  • Image Scanning & Hardening
  • Least Privilege Execution
  • Kubernetes Security Best Practices
  • Role-Based Access Control (RBAC) in Kubernetes
  • Pod Security Policies (PSP)
  • Network Policies in Kubernetes
  • Kubernetes Secrets Management
  • Detecting and Mitigating Container Vulnerabilities
• Logging, Monitoring, and Incident Response
  • Introduction to Security Monitoring
  • Implementing Centralized Logging
  • Log Aggregation with ELK Stack, Splunk, and SIEM
  • Security Event Logging & Analysis
  • Intrusion Detection and Response
  • Incident Management & Forensics
• Penetration Testing and Threat Detection in DevSecOps
  • Introduction to DevSecOps Penetration Testing
  • Automated vs. Manual Security Testing
  • Common Security Testing Tools
  • Burp Suite, Metasploit, Nmap, OWASP ZAP
  • Red Team vs. Blue Team Approach in DevSecOps
• Compliance and Security Frameworks
  • Understanding Security Compliance Standards
  • ISO 27001, NIST, CIS, GDPR, HIPAA
  • Implementing Security Policies in DevSecOps
  • Security Risk Assessment and Management
• Final Project and Case Studies
  • Implementing DevSecOps in a Real-World Scenario
  • End-to-End Secure CI/CD Pipeline Deployment
  • Threat Hunting and Risk Mitigation in a DevOps Environment

گواهینامه‌ی دوره