
DevSecOps Bootcamp

Build Security Into Your Pipeline — Not Onto It.

A practitioner-led bootcamp covering security automation across the full software delivery lifecycle — SAST, DAST, SCA, container security, IaC security, secrets management and compliance-as-code.

Duration: 10 Weeks
Total Hours: 80 Hours
Level: Intermediate
Format: Online + Offline
Certificate: Yes

Delivery Format

Train How You Learn Best

Online — Live Instructor-Led

Live sessions via Zoom with a ZippyOPS practitioner. 4 sessions per week, all recordings provided. Ask questions in real time and get code reviewed live.

Offline — Chennai Lab Sessions

In-person at ZippyOPS Chennai labs. Mon–Fri batches. Lab machines provided. Direct hands-on access to instructors throughout every session.

Who Should Attend

Is This Bootcamp Right for You?

✅ This bootcamp is for you if…

  • DevOps engineers who want to own application and infrastructure security
  • Security engineers learning to automate security in modern pipelines
  • Software developers wanting to understand and remediate security vulnerabilities
  • Engineers preparing for DevSecOps or cloud security roles

📋 Prerequisites

  • Working knowledge of CI/CD pipelines (any toolchain)
  • Basic Docker and container knowledge
  • Familiarity with cloud infrastructure (AWS, Azure or GCP)

Full Curriculum

What You'll Learn — Week by Week

01
DevSecOps Foundations & Threat Modelling
Week 1
  • Shift-left security — why it matters and how to implement it without slowing delivery
  • OWASP Top 10 — understanding the most critical application security risks with real examples
  • Threat modelling — STRIDE methodology, attack trees and data flow diagrams
  • Security requirements in software delivery — who owns what in a DevSecOps team
  • Building a security champion programme across engineering teams
  • Lab: Threat model a real-world multi-tier web application using STRIDE
02
SAST β€” Static Application Security Testing
Week 2
  • How SAST works — AST, CFG, taint analysis and false positive management
  • SonarQube — setup, quality gates, security rules and IDE integration
  • Semgrep — custom rules for organisation-specific security patterns
  • Integrating SAST into GitHub Actions, GitLab CI and Jenkins pipelines
  • Managing false positives — tuning rules and building an exceptions process
  • Lab: Configure SonarQube quality gates that block PRs with high-severity security findings
03
SCA β€” Software Composition Analysis
Week 3
  • Understanding dependency risk — CVEs, transitive dependencies and SBOM
  • Dependency-Track — SBOM management, CVE tracking and policy enforcement
  • Snyk Open Source — developer-friendly SCA with automated fix PRs
  • OWASP Dependency-Check for Java and .NET projects
  • Licence compliance scanning and open source policy management
  • Lab: Build a full SCA pipeline generating SBOMs, tracking CVEs and blocking critical vulnerability builds
04
DAST β€” Dynamic Application Security Testing
Week 4
  • How DAST works — web crawling, active scanning and authenticated testing
  • OWASP ZAP — baseline scan, full scan and API scanning modes
  • Integrating ZAP into CI/CD pipelines for automated regression security testing
  • Burp Suite — manual testing, intercepting proxies and extensions
  • API security testing — OpenAPI-driven scan automation
  • Lab: Configure automated OWASP ZAP scans in a CI/CD pipeline with Slack alerting on critical findings
05
Container & Kubernetes Security
Week 5
  • Container image security — base image hardening and CIS benchmark controls
  • Trivy — comprehensive image scanning for CVEs, misconfigs and secrets
  • Runtime security with Falco — detecting unexpected process and file activity
  • Kubernetes security — Pod Security Standards, RBAC and network policies
  • OPA Gatekeeper — policy-as-code for Kubernetes admission control
  • Lab: Build a container security pipeline scanning, gating and monitoring all deployed images
06
IaC Security & Cloud Misconfiguration
Week 6
  • Common IaC security mistakes — overprivileged IAM, open security groups, public S3
  • Checkov — scanning Terraform, CloudFormation and Kubernetes for misconfigurations
  • tfsec and KICS — infrastructure security linting in CI/CD
  • Cloud Security Posture Management — AWS Security Hub, Defender for Cloud, Wiz
  • Policy-as-code with OPA and AWS Config rules
  • Lab: Implement a policy-as-code pipeline that prevents insecure Terraform from being applied
07
Secrets Management
Week 7
  • Why secrets in code are catastrophic — real breach examples and the blast radius
  • gitleaks and detect-secrets — scanning repos and git history for leaked credentials
  • HashiCorp Vault — dynamic secrets, PKI, AppRole and Kubernetes integration
  • AWS Secrets Manager and Azure Key Vault — cloud-native secrets management
  • Secret rotation automation — database credentials, API keys and certificates
  • Lab: Migrate a 12-factor application from hardcoded secrets to dynamic Vault-issued credentials
08
Compliance Automation
Week 8
  • Compliance frameworks — SOC 2, ISO 27001, HIPAA, PCI DSS and CIS Benchmarks
  • ArmorPlane — automated CIS Benchmark scanning and remediation
  • Drata and Vanta — automated evidence collection for SOC 2
  • Building compliance dashboards and automated evidence pipelines
  • OpenSCAP — SCAP scanning for operating system compliance
  • Lab: Automate SOC 2 evidence collection for 8 controls using Drata and ArmorPlane
09
Incident Response for DevSecOps
Week 9
  • Security incident detection — SIEM, alert correlation and triage
  • Container and Kubernetes incident response — forensics without downtime
  • Cloud incident response — isolating compromised resources and evidence preservation
  • Post-incident review for security events — root cause and remediation tracking
  • Lab: Respond to and contain a simulated supply chain attack on a containerised application
10
Capstone Project
Week 10
  • End-to-end DevSecOps pipeline for a provided polyglot microservices application
  • SAST, DAST, SCA and container scanning — all integrated with quality gates
  • IaC security scanning with policy-as-code blocking insecure deployments
  • Vault integration for secrets management across all services
  • Falco runtime monitoring with PagerDuty alerting for suspicious activity
  • Live security review with ZippyOPS DevSecOps architects

On Completion

Earn Your ZippyOPS Certificate

🎓 ZippyOPS Certified DevSecOps Engineer (ZCDSE)

Validates practical knowledge of integrating automated security controls into CI/CD pipelines, container environments and cloud infrastructure through a full-stack security pipeline capstone.

Enroll Today

Ready to Level Up?

Seats are limited per batch. Contact us to check availability and get full pricing for the next online or offline cohort.
