DevSecOpsPractitioner

DevSecOps with AWS / Azure

Security as code, not as ceremony

Weeks

Lessons

Browser labs

Students

—

Rating

—

Tuition · INR

₹8,990

or 3× EMI · UPI accepted

Audit free

Free preview · 2 lessons

Try before you pay.

Two full lessons from DevSecOps with AWS / Azure — exact topics, hands-on lab pairings, same depth as the paid course. Watch the videos free; sign up to access labs + the rest of the curriculum.

Video coming soon · subscribe on YouTube to be notified

Lesson 0120 min

Shift-left security — what it means in practice

Security checks don't belong at the end of the SDLC. We map every shift-left tool to the right CI stage and explain which signals are worth blocking on (most aren't).

What this lesson teaches

· SAST, DAST, SCA, IaC scanning, secret detection — when each runs
· False-positive triage: why most teams disable security tools after 6 weeks
· The 'severity gate' pattern: which findings block a merge, which warn, which log
· DevSecOps in CI: GitHub Actions, GitLab CI, Jenkins — same playbook, different syntax
· Compliance evidence pipeline: SOC 2, ISO 27001, DPDP Act — automated where possible

Video coming soon · subscribe on YouTube to be notified

Lesson 0225 min

IaC scanning that actually catches real bugs

Hands-on walkthrough of Terraform scanning with Checkov, tfsec and Trivy. We deliberately ship vulnerable infrastructure and watch each tool find or miss it. By the end you know which combinations matter.

What this lesson teaches

· Checkov vs tfsec vs Trivy vs KICS — coverage and false-positive comparison
· Custom rules: writing your first OPA/Rego policy for an org-specific control
· S3 bucket misconfigs, IAM wildcards, security group 0.0.0.0/0 — the top 5 prod findings
· Suppressing false positives without weakening the gate
· How to wire results into GitHub PRs as inline review comments

● Paired lab

Add Checkov + Trivy to a real Terraform repo, configure severity gates, fix the actual findings.

These are 2 of 46 lessons. Subscribe to @computerpathshala654 for new lessons + course launches. The full 44 remaining lessons are included with cohort enrolment, with a 7-day money-back guarantee.

What you’ll build

10 capstones. Reviewed by senior engineers.

01Build a VPC + EC2 from scratch● Lab

02Containerize a Node app & push to ECR● Lab

03Deploy to EKS with Helm● Lab

04Terraform a 3-tier app● Lab

05GitHub Actions: build → push → deploy● Lab

06Blue-green deploy with Route53● Lab

07Set up Prometheus + Grafana on EKS● Lab

08SLO-based alerting● Lab

09Chaos test with AWS FIS● Lab

10Cost-optimize an EC2 fleet● Lab

Curriculum

46 lessons across 10 weeks

Week 01Shift-left foundations5 lessons

01Shift-left security — what it means in practicevideo20mFREE
02IaC scanning that actually catches real bugsvideo25mFREE
03The CI security gate hierarchy: block vs warn vs logvideo18m
04False-positive triage — the discipline that keeps tools alivevideo22m
05Lab: configure severity gates on a real PR pipelinelab90m

Week 02Secret detection + management5 lessons

06Gitleaks + TruffleHog: scanning history without false positivesvideo22m
07Secret rotation strategies — when/how/whyvideo20m
08AWS Secrets Manager vs SSM Parameter Store vs HashiCorp Vaultvideo24m
09Azure Key Vault — IAM model and integration patternsvideo20m
10Lab: detect a leaked AWS key in git history + rotate it cleanlylab90m

Week 03SAST + DAST + SCA5 lessons

11SAST: Semgrep + SonarQube + GitHub Advanced Securityvideo24m
12DAST: ZAP, Burp, and when each makes sensevideo20m
13SCA: dependency vuln scanning with Snyk + Dependabot + Trivyvideo22m
14License compliance — the bit nobody monitors until they're suedvideo18m
15Lab: end-to-end PR pipeline with SAST + SCA + image scanlab150m

Week 04IaC scanning deep dive5 lessons

16Checkov vs tfsec vs Trivy vs KICS — coverage matrixvideo22m
17Custom OPA / Rego policies for org-specific rulesvideo26m
18The top 10 IaC misconfigs we see in client auditsvideo24m
19Suppressing findings without weakening the gatevideo18m
20Lab: write a custom OPA policy for your orglab120m

Week 05Container & image security5 lessons

21Image scanning: build-time vs registry-time vs runtimevideo22m
22Image signing with cosign + Sigstorevideo20m
23Admission control: only-signed-images-allowed in K8svideo24m
24Distroless + minimal-base — reducing the attack surfacevideo18m
25Lab: build a signed image pipeline + verify at deploylab150m

Week 06AWS-native security tools4 lessons

26GuardDuty: what it actually detects (and what it misses)video22m
27Security Hub as the central control planevideo20m
28Inspector + Macie — when each pays offvideo22m
29Lab: trip a GuardDuty finding deliberately + triage end-to-endlab120m

Week 07Azure-native security tools4 lessons

30Microsoft Defender for Cloud — what it coversvideo22m
31Azure Policy: declarative guardrails at the subscription layervideo24m
32Sentinel: when SIEM is worth the billvideo20m
33Lab: build a Sentinel rule for a real attack patternlab120m

Week 08Runtime security in Kubernetes4 lessons

34Falco: eBPF-based runtime detectionvideo24m
35Custom Falco rules — writing your first onevideo22m
36Runtime drift detection: when a pod does something newvideo20m
37Lab: detect a reverse-shell exec in a pod with Falcolab90m

Week 09Compliance evidence automation5 lessons

38SOC 2 controls that have a CI / IaC counterpart (most of them)video24m
39ISO 27001 + ISO 27017 — the cloud-specific addendumvideo22m
40DPDP Act + CERT-In requirements for Indian SaaSvideo22m
41Vanta / Drata / SecureFrame vs DIY evidence collectionvideo18m
42Lab: build a SOC 2 evidence pipeline from CloudTrail + GitHub Auditlab150m

Week 10Incident response + capstone4 lessons

43IR playbook structure — and what 90% of teams missvideo22m
44CERT-In 6-hour reporting workflow (Indian-law-specific)video20m
45Live capstone review with a security engineervideo60m
46Capstone: build a complete DevSecOps pipeline for a real appproject600m

Pair it with

DevSecOps

Cloud Security & Compliance

SOC 2 · ISO 27001 · DPDP Act readiness

8w · 10 labs₹9,990