EC-Council Certified DevSecOps Engineer (E|CDE)

E|CDE is a lab-intensive program with over 70% of the curriculum dedicated to labs. It covers both application and infrastructure DevSecOps in on-premises and cloud-native platforms. Program offers in-depth training on leading cloud platforms and industry tools like AWS Cloud, Microsoft Azure, and GitHub. EICDE is the most comprehensive DevSecOps certification program which focuses on integrating security in the plan, code, build, test, deploy, release, operate and monitor stages of the DevOps lifecycle.

The E|CDE training is an intensive, hands-on DevSecOps course with more than 80 online and offline labs, including 32 labs covering on-premises environments, 32 labs focused on Amazon Web Services (AWS) Cloud, and 29 labs on Microsoft Azure.

Category: EC-Council

After completion of this course, students will be able to:

Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.
Integrate Eclipse and GitHub with Jenkins to build applications.
Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI/CD pipeline.
Integrate runtime application self-protection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.
Implement tools like the Jfrog IDE plugin and the Codacy platform.
Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.
Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines.
Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.
Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.
Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.
Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.
Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.
Align security practices like security requirement gathering, threatmodeling, and secure code reviews with development workflows.
Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).
Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.
Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.
Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.
Use AWS and Azure tools to secure applications.
Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.
Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.
Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).
Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security

Module 1: Understanding DevOps Culture

• This module of our DevSecOps course takes you through the foundational exploration of DevOps evolution and its role in the modern software development Life Cycle. Participants learn to implement DevOps methodologies in diverse environments, including on-premises, AWS, and Azure cloud settings. They grasp DevOps frameworks, Maturity Models in DevOps, assess security silos, and gain crucial insights to seamlessly integrate security across the developmental spectrum. This section equips professionals with the essential knowledge to merge DevOps culture and security measures.

Module 2: Introduction to DevSecOps

• This module of DevSecOps certification addresses security challenges inherent in DevOps processes. Participants gain insights into the essence of DevSecOps, delving into its cultural and strategic aspects. They comprehend the significance of continuous security integration within the DevSecOps pipeline, focusing on minimizing security bottlenecks. The module also familiarizes learners with various DevSecOps tools and strategies pivotal for efficient security implementation. This section empowers application security and DevOps professionals to bridge the gap between development, operations, and security, ensuring a holistic approach towards secure software delivery.

Module 3: DevSecOps Pipeline—Plan Stage

• This module explores crucial elements vital for fortifying the CI/CD pipeline. This segment delves into continuous threat modeling practices, equipping learners with the skills to seamlessly integrate threat modeling tools into the Cl/CD pipeline. Additionally, cybersecurity professionals gain proficiency in gathering security requirements from business functionalities and addressing technical security debts effectively. The module emphasizes the significance of pre-commit checks during planning, ensuring proactive security measures. Moreover, participants receive comprehensive training in secure code practices and awareness, alongside mastering various security tools essential for a robust DevSecOps framework. This module empowers professionals to proactively embed security throughout the development lifecycle, ensuring resilient and secure software deployment.

Module 4: DevSecOps Pipeline—Code Stage

• This module focuses on integrating security measures seamlessly into the code-writing process. Attendees gain expertise in integrating security plugins into Integrated Development Environments (IDEs) and configuring code scanning for GitHub repositories. Additionally, they learn to implement and scan source code repositories effectively while integrating secret management tools for heightened security. The module also emphasizes integrating Software Composition Analysis (SCA) tools, providing comprehensive insights into integrating these tools with various platforms like IDEs, source code repositories, and CI/CD tools such as Travis CI, Jenkins, GitLab, AWS, and Microsoft Azure. This module will empower Certified DevSecOps professionals to proactively embed security protocols within the code stage, ensuring robust and secure software development practices.

Module 5: DevSecOps Pipeline—Build and Test Stage

• This module focuses on integrating various security testing tools and frameworks seamlessly into the build and test stages. Attendees learn to incorporate Static Application Security Testing (SAST) tools and integrate them efficiently with cloud platforms like AWS and Microsoft Azure. Moreover, the module covers manual secure code review techniques, emphasizing their importance in identifying vulnerabilities. Participants also gain insights into Dynamic Application Security Testing (DAST) tools and their integration with cloud platforms. Additionally, they delve into Interactive Application Security Testing (IAST) tools and comprehend the intricacies of security testing frameworks. This module empowers professionals to proactively incorporate robust security testing practices into the development process, ensuring the deivery of security and resilience

Module 6: DevSecOps Pipeline—Release and Deploy Stage

• This module focuses on strengthening security during software release and deployment. Participants learn to integrate security tools like RASP, conduct penetration testing, and utilize vulnerability scanning. They explore Bug Bounty Programs and threat detection tools and adopt Infrastructure as Code (laC) principles using Terraform, AWs CloudFormation, and configuration orchestration tools like Ansible, Chef, Puppet, and Azure Resource Management. This module empowers professionals to ensure secure and resilient software deployment.

Module 7: DevSecOps Pipeline—Operate and Monitor Stage

• This module focuses on maintaining security during software operations and monitoring. Participants learn to scan for vulnerabilities in Infrastructure as Code (laC), secure containers, integrate monitoring tools, and adopt Compliance as Code (CaC) practices. They explore monitoring features in AWS and Azure, integrate a Web Application Firewall (WAF), and implement continuous feedback for proactive security. This module ensures robust security measures during software operations and monitoring. Enhance your skills and knowledge with our DevOps security certification. Become a Certified DevSecOps Engineer.

Length of exam	4 hours
Number of questions	100 questions
Question format	Multiple choice
Passing grade	70%
Exam availability	English
Testing center	EC-Council Exam Portal