Unit 1: DevSecOps Principles and Secure SDLC
Shift-left security philosophy, Secure by design principles, Threat modeling integration (STRIDE, DREAD, PASTA), Security champions and DevSecOps culture, Secure coding standards (OWASP Secure Coding Practices, CERT Secure Coding), Security requirements definition, Threat modeling in sprint planning, Security Story Points estimation.
Unit 2: Static and Dynamic Application Security Testing
Static Application Security Testing (SAST) tools (SonarQube, Checkmarx, Semgrep), Incremental SAST scanning, False positive management, Dynamic Application Security Testing (DAST) (OWASP ZAP, Burp Suite), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA) for open source (Dependabot, Snyk), License compliance scanning.
Unit 3: CI/CD Security and Infrastructure Protection
Secrets management (HashiCorp Vault, AWS Secrets Manager, Doppler), GitOps security (protected branches, code owners), Container security (Trivy, Clair, Anchore), Kubernetes security (RBAC, NetworkPolicies, PodSecurityPolicies), Infrastructure as Code scanning (Checkov, Terrascan), Pipeline security (supply chain attacks, SBOM generation).
Unit 4: Cloud Security and Compliance Automation
Cloud security posture management (CSPM), Infrastructure Live (AWS Config, Azure Policy), IAM policy as code (OPA, Kyverno), Compliance as code (Open Policy Agent), Cloud Workload Protection Platforms (CWPP), Data classification and encryption at rest/transit, Multi-account strategies and cross-account access.
Unit 5: Threat Detection, Response, and Continuous Monitoring
Runtime Application Self-Protection (RASP), Behavioral analysis and anomaly detection, Security Information and Event Management (SIEM), SOAR platforms integration, Threat hunting in development environments, Security metrics and dashboards (MTTR, MTTD, vulnerability age), Attack surface management, Zero Trust implementation.