DevSecOps Training Course

Our instructor-led DevSecOps training for DevOps professionals gives you hands-on valuable techniques and tools to implement security-first agile development practices.

Book or reserve a space

Standard duration: 2 Days
Next available date: 25th Jun 2025
Email course link
Location: Remote Attendance

Customise this course for your team

We can tailor your syllabus to take into account your group's current skills, technology stack, and specific learning goals - as part of a wider training programme or as a standalone workshop.

Enquire now to find out about our cost-effective options:

...or reserve a space on a public scheduled course date:

Book a space

"I felt I learned a lot in short period. Real-world experience from the instructor was a major plus. Many thanks!"

PCI DSS 4.0.1 Training Course - Secure Software Development
DV, Developer
JATO

"We particularly enjoyed Stuart's anecdotes and stories which gave context to the topics discussed."

PCI DSS 4.0.1 Training Course - Secure Software Development
RT, Developer
JATO

"The charismatic trainer kept the audience's attention."

Web App Security and OWASP 2021 Training Course
JW, Business Analyst
Jato

"The demonstrations were impressive and eye-opening."

Web App Security and OWASP 2021 Training Course
Anon, Software Engineer
Central Government Department

"Very practical and easy to understand. Really good content, demos and challenges"

Web App Security and OWASP 2021 Training Course
Anon, Software Engineer
Ometria

About the course:

This two-day training course will cover the fundamentals of DevSecOps, in a practical sense: the main focus will be on technologies and tools.

You will learn through instructor-led demonstrations, discussion and hands-on exercises what is meant by DevSecOps, why it has come about, and what are the basic components.

You will be guided through setting up your own local lab environment, with a Continuous Integration/Continuous Deployment (CI/CD) pipeline. Numerous security testing tools will be showcased throughout the training, and integrated one-by-one into the pipeline.

Remote / on-site options are available - as part of a wider training programme or standalone workshop, as a custom on-site course, and public scheduled courses in London.

Trusted by:

In a nutshell Who should attend Flexible training Course syllabus

Learning outcomes

Set up a DevSecOps platform and CI/CD pipeline for a web application
Select the correct type of security test
Design a CI/CD pipeline that generates Docker images containing security testing tools
Scan for secrets in repositories
Design a plan to phase out known secrets in repositories
Scan source code for security vulnerabilities
Scan source code to check for outdated third party libraries
Scan a running web application for security vulnerabilities
Scan a Docker image for security vulnerabilities and misconfigurations
Triage vulnerabilities in applications
Perform a basic threat modeling excercise
Have an understanding of what DevSecOps means in practice
Shifting Security Left

Who should attend

Software Developers, DevOps engineers, Security Testers, and anyone interested in automating security tests in a CI/CD environment.

Prerequisites

Delegates will ideally have some experience of using Windows or Linux with the Command Line and familiar with basic DevOps concepts - please let us know if you need help with this as we can organise a short workshop to get you up to speed with the essentials.

Live, instructor-led online and on-site training

This DevSecOps course is available for private / custom delivery for your team - face-to-face, on-site at your location of choice, or remotely via MS Teams or your own platform (e.g. Zoom, Webex) - get in touch to find out how we can deliver tailored training which focuses on your project requirements and learning goals.

The Fundamental Principles of DevSecOps

(Secure) Software Design Life Cycle - SSDLC / SDLC
Development and testing
Delivery
Deployment

Types of Security Testing

Risk assessment
Dynamic testing
Container scanning
Vulnerability scanning

Setting up a Local Lab Environment

Docker-compose
GitLab
SonarQube

Creating a Security Testing Tool Chest

Common security testing tools
Choosing the right tool for your stack

Scanning for Secrets in Source Code

When and why you need scanning in your SDLC
Git secret scanning
Secret scanning tools

Static Application Security Testing (SAST)

Why Static Analysis is important
SAST tools
SAST reporting good practices

Understanding Software Composition Analysis (SCA)

Should you blindly trust Open Source code? (you can probably guess the answer)
What is a Bill of Materials? (BOM)
Scanning for Outdated Third Party Libraries
Automated SCA tools

Dynamic Application Security Testing (DAST)

What is "black-box" testing?
Input / output validation
Common Authentication issues
Dynamic security scanner
Fuzzers
Attack Proxies

Container Image Scanning

What to look for:
- Misconfigured containers
- Obsolete libraries
- Out-of-date OS patches
- Compliance Validations

Triaging Software Vulnerabilities

Confidentiality, Integrity, Availability (CIA)
Automated tools
Log analysis

Threat Modeling basics

Analysing and understanding:
- What is the system's purpose
- Who would want to obstruct that purpose
- What attack vectors are available
- What mitigations can your team undertake

Security maturity models

Benefits of a maturity model
OWASP DevSecOps Maturity Model (DSOMM)

Industry security frameworks

Frameworks for you to consider
Implementing security frameworks in your workflow

Migrating from DevOps to DevSecOps

Adopting the Security-First Mindset
Dealing with Silos
Security Champions
Regular and frequent research and education
Implement continuous improvement processes

Applying DevSecOps in Practice

Exploring your next steps

Public Courses Dates and Rates

Standard duration: 2 Days

25th Jun 2025 - £1495.00

All prices are excluding VAT.

If our published dates don’t work for you, please get in touch – we are happy to explore scheduling additional courses.

Book or reserve a space

Secure or reserve a space on a public scheduled course date.

Interested in this course?

If you want to explore how you can tailor this course for your organisation, want to sign up for our newsletter, or have any other questions then please speak to us on 020 3137 3920 or get in touch using this form.

This form requires javaScript to work, please email us at webenquiries@frameworktraining.co.uk if you do not have it enabled.

First Name*

Last Name*

Email*

Phone Number*

Company*

Subject/Tech*

Your message*

Where did you first hear about us?

Get in touch

We use cookies on our website to provide you with the best user experience. If you're happy with this please continue to use the site as normal.
For more information please see our Privacy Policy.

I understand

Ready to take your skills to the next level?