Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio.

SWE 4511 - DevSecOps

3 lecture hours 2 lab hours 4 credits
Course Description
The course provides students with an introduction to the tools and practices employed in DevSecOps. As an agile development approach, DevSecOps emphasizes collaboration, communication, and automation among all stakeholders, including IT operations, testers, developers, customers, and security personnel throughout the project. This course includes DevOps principles and processes for designing and building a secure development pipeline, secure development, security testing, and deployment from start to finish. Students will learn about the requirements and architectural decisions required to optimize the secure construction and deployment of a software system, the design and implementation of CI/CD systems for secure development and deployment of software systems, and the usage of auditing tools to ensure the secure operation of a system deployed in a modern operational environment. Students will also be exposed to quality assurance and risk management practices.
Prereq: CSC 3210 , SWE 2721 , SWE 3411  (quarter system prereq: CS 3840, SE 2832, SE 3810)
Note: None
This course meets the following Raider Core CLO Requirement: None
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Write security requirements for a software system to ensure that confidentiality, integrity, and availability are maintained
  • Analyze a given software architecture using Threat Modeling to identify potential security weaknesses
  • Analyze a system for security risks using modern software tools
  • Construct a simple DevOps CI/CD Pipeline to automatically deploy a software system in an online environment
  • Construct the requisite infrastructure for a project deployment using infrastructure as code
  • Explain the importance of archiving all development and deployment artifacts to ensure the ability to rebuild both infrastructure and development products
  • Use commercial grade static analysis tools to analyze an existing codebase for security vulnerabilities and weaknesses
  • Use an industry standard software package to perform penetration testing against a web system
  • Revise an existing DevOps pipeline to integrate automatic security testing of a software development project
  • Explain the architectural and process implications of low risk releases and their impact on the security and reliability of a software product
  • Monitor the operational stability of a software artifact as it is deployed using telemetry
  • Describe the work culture employed in successful DevOps organizations
  • Explain the relationship between DevSecOps and other agile software development processes
  • Compare and contrast quality activities in assorted software development frameworks
Prerequisites by Topic
  • Verification
    • An ability to construct automated Unit tests
    • An ability to perform regression testing on a system
    • An ability to debug software based upon testing
    • An ability to work as a team to debug and develop software
  • Architecture
    • The ability to review and identify quality problems in requirements artifacts
    • The ability to sketch and draw an architecture view of a system
    • An understanding of the concept of Microservices and the ability to architect a system using Microservices
  • Operating Systems
    • The ability to write basic console scripts
    • An understanding and ability to work with virtual machines
    • An ability to work in the command console and perform basic maintenance tasks from the console
Course Topics
  • An introduction to DevOps
  • Basic security concepts (CIA Triad, threats, etc.)
  • Containerization techniques for deploying software
  • Rudimentary networking
  • Infrastructure as code
  • Analyzing infrastructure security and cloud security
  • An overview of CI/CD including development and deployment pipelines
  • Static analysis
  • Common coding mistakes
  • Microservice architecture and security
  • Penetration testing
  • Software telemetrity
  • IEEE 2675-2021 - IEEE Standard for DevOps: Building Reliable and Secure Systems Including Application Build, Package, and Deployment
  • Ethical issues related to security
  • Emerging security topics
Laboratory Topics
  • Identifying assets in an application and determining required protection needs
  • Constructing a threat model with a security tool
  • Setting up a CI pipeline
  • Setting up a deployment pipeline
  • Using static analysis tools to detect security vulnerabilities
  • Automating the execution of static analysis tools in a CI/CD environment
  • Securing a cloud infrastructure
  • Manual penetration testing of a deployed application
  • Automating penetration testing in a CI/CD environment
  • Using telemetrity to monitor the health of a software product
  • DevSecOps sprints
Coordinator
Dr. Walter Schilling

Print-Friendly Page (opens a new window)
Add to Portfolio.
Close Window