Course code: SE-EL4 | Semester 7 | Credits: 4 (3-0-2) | Elective

Secure Software Development (DevSecOps)


Syllabus

Unit 1: DevSecOps Principles and Secure SDLC

Shift-left security philosophy, Secure by design principles, Threat modeling integration (STRIDE, DREAD, PASTA), Security champions and DevSecOps culture, Secure coding standards (OWASP Secure Coding Practices, CERT Secure Coding), Security requirements definition, Threat modeling in sprint planning, Security Story Points estimation.

Unit 2: Static and Dynamic Application Security Testing

Static Application Security Testing (SAST) tools (SonarQube, Checkmarx, Semgrep), Incremental SAST scanning, False positive management, Dynamic Application Security Testing (DAST) (OWASP ZAP, Burp Suite), Interactive AST (IAST), Software Composition Analysis (SCA) for open source (Dependabot, Snyk), License compliance scanning.
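To make the SAST topics in this unit concrete, the following is an added example (not course material or code from any of the named tools) of a minimal rule-based scanner over Python's `ast`, together with the two operational practices listed above: a findings baseline for false-positive management, and incremental scanning that only re-examines changed files. The rule IDs, the sample source files and the fingerprint scheme are assumptions made for the illustration.

```python
"""Minimal SAST scanner: AST rules, a findings baseline, incremental scans.
Added example for illustration; not the course's or any vendor's code."""
import ast
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int
    message: str

    def fingerprint(self) -> str:
        # Line numbers are deliberately excluded so an accepted finding stays
        # suppressed when unrelated edits shift the code up or down.
        raw = f"{self.rule_id}|{self.path}|{self.message}".encode()
        return hashlib.sha256(raw).hexdigest()[:16]


def _call_name(func: ast.expr) -> str:
    """Render a call target such as subprocess.check_output as dotted text."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class RuleVisitor(ast.NodeVisitor):
    """Three illustrative rules (hypothetical rule IDs)."""

    def __init__(self, path: str) -> None:
        self.path = path
        self.findings: List[Finding] = []

    def _report(self, rule_id: str, node: ast.AST, message: str) -> None:
        self.findings.append(Finding(rule_id, self.path, node.lineno, message))

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node.func)
        if name in ("eval", "exec"):
            self._report("PY-EVAL", node, f"use of {name}()")
        if name.startswith("subprocess.") and any(
            kw.arg == "shell"
            and isinstance(kw.value, ast.Constant)
            and kw.value.value is True
            for kw in node.keywords
        ):
            self._report("PY-SHELL-TRUE", node, f"{name}(..., shell=True)")
        if name in ("hashlib.md5", "hashlib.sha1"):
            self._report("PY-WEAK-HASH", node, f"weak digest {name}")
        self.generic_visit(node)


def scan_source(path: str, source: str) -> List[Finding]:
    visitor = RuleVisitor(path)
    visitor.visit(ast.parse(source, filename=path))
    return visitor.findings


def scan_repo(
    files: Dict[str, str],
    changed: Optional[Set[str]],
    baseline: Set[str],
) -> List[Finding]:
    """Incremental scan: only files in `changed` (all files when None).
    Findings whose fingerprint is in `baseline` are accepted and dropped."""
    targets = files if changed is None else {p: s for p, s in files.items() if p in changed}
    results: List[Finding] = []
    for path, source in targets.items():
        results.extend(f for f in scan_source(path, source) if f.fingerprint() not in baseline)
    return results


# Constructed sample repository (two files) used only for the demonstration.
SAMPLE_FILES = {
    "app/handlers.py": (
        "import subprocess\n"
        "def run(cmd):\n"
        "    return subprocess.check_output(cmd, shell=True)\n"
    ),
    "app/legacy.py": (
        "import hashlib\n"
        "def fingerprint(data):\n"
        "    return hashlib.md5(data).hexdigest()\n"
    ),
}


if __name__ == "__main__":
    full = scan_repo(SAMPLE_FILES, changed=None, baseline=set())
    # Triage: the md5 in legacy.py is a non-security checksum, so accept it.
    accepted = {f.fingerprint() for f in full if f.rule_id == "PY-WEAK-HASH"}
    for f in scan_repo(SAMPLE_FILES, changed={"app/handlers.py"}, baseline=accepted):
        print(f"{f.path}:{f.line} {f.rule_id} {f.message}")
```

In a real pipeline the baseline set would be committed alongside the code and reviewed like any other change, and `changed` would come from the diff of the merge request; the fingerprint design matters, because a fingerprint that includes the line number silently "un-accepts" every finding whenever a file is edited.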

Unit 3: CI/CD Security and Infrastructure Protection

Secrets management (HashiCorp Vault, AWS Secrets Manager, Doppler), GitOps security (protected branches, code owners), Container security (Trivy, Clair, Anchore), Kubernetes security (RBAC, NetworkPolicies, Pod Security Admission and the Pod Security Standards that replaced the removed PodSecurityPolicy), Infrastructure as Code scanning (Checkov, Terrascan), Pipeline security (supply chain attacks, SBOM generation).

Unit 4: Cloud Security and Compliance Automation

Cloud security posture management (CSPM), Continuous configuration compliance (AWS Config, Azure Policy), Policy as code for IAM and Kubernetes admission (OPA, Kyverno), Compliance as code (Open Policy Agent), Cloud Workload Protection Platforms (CWPP), Data classification and encryption at rest/in transit, Multi-account strategies and cross-account access.

Unit 5: Threat Detection, Response, and Continuous Monitoring

Runtime Application Self-Protection (RASP), Behavioral analysis and anomaly detection, Security Information and Event Management (SIEM), SOAR platforms integration, Threat hunting in development environments, Security metrics and dashboards (MTTR, MTTD, vulnerability age), Attack surface management, Zero Trust implementation.
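The metrics named in this unit (MTTD, MTTR, vulnerability age) are only useful if they are computed consistently from the same timestamps every time. The following is an added example, not course material, that computes them from a small set of constructed vulnerability records; the record fields, the SLA thresholds and the reference date are assumptions chosen for the illustration.

```python
"""Security metrics from vulnerability records: MTTD, MTTR, open age, SLA breaches.
Added example with constructed data; not part of the course."""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str
    severity: str                 # "critical" | "high" | "medium" | "low"
    introduced: datetime          # when the flaw entered the codebase or image
    detected: datetime            # first scanner finding or alert
    remediated: Optional[datetime]  # None while the finding is still open


# Assumed remediation SLAs in days per severity (hypothetical policy values).
SLA_DAYS: Dict[str, int] = {"critical": 7, "high": 30, "medium": 60, "low": 90}


def _hours(delta) -> float:
    return delta.total_seconds() / 3600.0


def mttd_hours(records: List[VulnRecord]) -> float:
    """Mean time to detect: introduced -> detected, over all records."""
    return mean(_hours(r.detected - r.introduced) for r in records)


def mttr_hours(records: List[VulnRecord]) -> float:
    """Mean time to remediate: detected -> remediated, closed records only.
    Open findings are excluded rather than counted as zero, which would flatter the number."""
    closed = [r for r in records if r.remediated is not None]
    if not closed:
        raise ValueError("no remediated records; MTTR undefined")
    return mean(_hours(r.remediated - r.detected) for r in closed)


def open_age_days(records: List[VulnRecord], now: datetime) -> Dict[str, float]:
    """Age in days of every still-open finding, measured from detection."""
    return {
        r.vuln_id: (now - r.detected).total_seconds() / 86400.0
        for r in records
        if r.remediated is None
    }


def sla_breaches(records: List[VulnRecord], now: datetime) -> List[str]:
    """IDs of open findings whose age exceeds the SLA for their severity."""
    ages = open_age_days(records, now)
    by_id = {r.vuln_id: r for r in records}
    return sorted(v for v, age in ages.items() if age > SLA_DAYS[by_id[v].severity])


# Constructed sample records used only for the demonstration.
SAMPLE: List[VulnRecord] = [
    VulnRecord("V-1", "critical", datetime(2024, 3, 1), datetime(2024, 3, 3), datetime(2024, 3, 4, 12)),
    VulnRecord("V-2", "high", datetime(2024, 3, 2), datetime(2024, 3, 2, 6), datetime(2024, 3, 10, 6)),
    VulnRecord("V-3", "high", datetime(2024, 2, 20), datetime(2024, 3, 5), None),
    VulnRecord("V-4", "low", datetime(2024, 3, 10), datetime(2024, 3, 10, 12), None),
]
AS_OF = datetime(2024, 4, 10)


if __name__ == "__main__":
    print(f"MTTD: {mttd_hours(SAMPLE):.1f} h")
    print(f"MTTR: {mttr_hours(SAMPLE):.1f} h")
    for vuln_id, age in open_age_days(SAMPLE, AS_OF).items():
        print(f"{vuln_id}: open {age:.1f} days")
    print("SLA breaches:", sla_breaches(SAMPLE, AS_OF))
```

Note the choices the functions make explicit: MTTD is measured from introduction rather than from the previous scan, and MTTR excludes open findings instead of treating them as resolved, so a dashboard built on these numbers cannot improve simply by leaving findings open.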