Exam Name: EC-Council Certified DevSecOps Engineer (ECDE)
Exam Code: 312-97
EC-Council’s Certified DevSecOps Engineer (E|CDE) is a hands-on, instructor-led, comprehensive DevSecOps certification program that helps professionals build the essential skills to design, develop, and maintain secure applications and infrastructure.
◉ The E|CDE is a perfect blend of theoretical and practical knowledge of DevSecOps in your on-premises and cloud-native (AWS and Azure) environment.
◉ The program focuses on the application DevSecOps and provides insights into infrastructure DevSecOps.
◉ It helps DevSecOps Engineers develop and enhance their knowledge and skills in securing applications in all DevOps stages.
EC-Council ECDE Exam Summary:
Exam Name
|
EC-Council Certified DevSecOps Engineer (ECDE)
|
Exam Code
|
312-97
|
Exam Price
|
$550 (USD)
|
Duration
|
240 mins
|
Number of Questions
|
100
|
Passing Score
|
70%
|
Sample Questions
|
|
Practice Exam
|
EC-Council 312-97 Exam Syllabus Topics:
Topic | Details |
Understanding DevOps Culture | - This module of our DevSecOps course takes you through the foundational exploration of DevOps evolution and its role in the modern software development Life Cycle. Participants learn to implement DevOps methodologies in diverse environments, including on-premises, AWS, and Azure cloud settings. They grasp DevOps frameworks, Maturity Models in DevOps, assess security silos, and gain crucial insights to seamlessly integrate security across the developmental spectrum. This section equips professionals with the essential knowledge to merge DevOps culture and security measures. |
Introduction to DevSecOps | - This module of DevSecOps certification addresses security challenges inherent in DevOps processes. Participants gain insights into the essence of DevSecOps, delving into its cultural and strategic aspects. They comprehend the significance of continuous security integration within the DevSecOps pipeline, focusing on minimizing security bottlenecks. The module also familiarizes learners with various DevSecOps tools and strategies pivotal for efficient security implementation. This section empowers application security and DevOps professionals to bridge the gap between development, operations, and security, ensuring a holistic approach towards secure software delivery. |
DevSecOps Pipeline - Plan Stage | - This module explores crucial elements vital for fortifying the CI/CD pipeline. This segment delves into continuous threat modeling practices, equipping learners with the skills to seamlessly integrate threat modeling tools into the CI/CD pipeline. Additionally, cybersecurity professionals gain proficiency in gathering security requirements from business functionalities and addressing technical security debts effectively. The module emphasizes the significance of pre-commit checks during planning, ensuring proactive security measures. Moreover, participants receive comprehensive training in secure code practices and awareness, alongside mastering various security tools essential for a robust DevSecOps framework. This module empowers professionals to proactively embed security throughout the development lifecycle, ensuring resilient and secure software deployment. |
DevSecOps Pipeline-Code Stage | - This module focuses on integrating security measures seamlessly into the code-writing process. Attendees gain expertise in integrating security plugins into Integrated Development Environments (IDEs) and configuring code scanning for GitHub repositories. Additionally, they learn to implement and scan source code repositories effectively while integrating secret management tools for heightened security. The module also emphasizes integrating Software Composition Analysis (SCA) tools, providing comprehensive insights into integrating these tools with various platforms like IDEs, source code repositories, and CI/CD tools such as Travis CI, Jenkins, GitLab, AWS, and Microsoft Azure. This module will empower Certified DevSecOps professionals to proactively embed security protocols within the code stage, ensuring robust and secure software development practices. |
DevSecOps Pipeline-Build and Test Stage | - This module focuses on integrating various security testing tools and frameworks seamlessly into the build and test stages. Attendees learn to incorporate Static Application Security Testing (SAST) tools and integrate them efficiently with cloud platforms like AWS and Microsoft Azure. Moreover, the module covers manual secure code review techniques, emphasizing their importance in identifying vulnerabilities. Participants also gain insights into Dynamic Application Security Testing (DAST) tools and their integration with cloud platforms. Additionally, they delve into Interactive Application Security Testing (IAST) tools and comprehend the intricacies of security testing frameworks. This module empowers professionals to proactively incorporate robust security testing practices into the development process, ensuring the delivery of security and resilience. |
DevSecOps Pipeline-Release and Deploy Stage | - This module focuses on strengthening security during software release and deployment. Participants learn to integrate security tools like RASP, conduct penetration testing, and utilize vulnerability scanning. They explore Bug Bounty Programs and threat detection tools and adopt Infrastructure as Code (IaC) principles using Terraform, AWS CloudFormation, and configuration orchestration tools like Ansible, Chef, Puppet, and Azure Resource Management. This module empowers professionals to ensure secure and resilient software deployment. |
DevSecOps Pipeline-Operate and Monitor Stage | - This module focuses on maintaining security during software operations and monitoring. Participants learn to scan for vulnerabilities in Infrastructure as Code (IaC), secure containers, integrate monitoring tools, and adopt Compliance as Code (CaC) practices. They explore monitoring features in AWS and Azure, integrate a Web Application Firewall (WAF), and implement continuous feedback for proactive security. This module ensures robust security measures during software operations and monitoring. Enhance your skills and knowledge with our DevOps security certification. Become a Certified DevSecOps Engineer. |
0 comments:
Post a Comment