DevSecOps: Integrating Security into the DevOps Lifecycle Virtual Internship
In this comprehensive virtual internship, students will learn how to integrate security best practices and tools into the DevOps lifecycle. They will gain hands-on experience with OWASP ZAP, Snyk, and Trivy to shift security left in the CI/CD pipeline. Upon completion, students will be equipped with the skills to build secure and resilient DevOps environments.
Track Overview
Tasks & Milestones
Identify Security Vulnerabilities in a Web Application
AdvancedStudents will use OWASP ZAP to perform a security scan on a web application and identify common vulnerabilities.
Integrate Snyk into the CI/CD Pipeline
AdvancedStudents will set up Snyk to automatically scan their code for vulnerabilities and fail the build if critical issues are detected.
Integrate Trivy into the CI/CD Pipeline
AdvancedStudents will set up Trivy to automatically scan container images for vulnerabilities and fail the build if critical issues are detected.
Secure Terraform Deployments
AdvancedStudents will learn how to use Terraform to deploy secure cloud infrastructure and scan for security misconfigurations.
Secure Ansible Deployments
AdvancedStudents will learn how to use Ansible to deploy secure infrastructure and integrate security best practices into their playbooks.
Set up Security Monitoring and Alerting
AdvancedStudents will configure Prometheus and Grafana to monitor the security posture of their DevOps environment and set up alerts for security-related events.
Implement Incident Response Procedures
AdvancedStudents will learn how to respond to security incidents in a DevOps environment, including investigation, containment, and remediation.
Prerequisites
- • Proficiency in a programming language (e.g., Python, Go, or Java)
- • Experience with DevOps tools and practices
- • Understanding of cloud infrastructure and deployment
Certificate
Certificate of Completion
Earn a certificate upon successful completion