DevSecOps (5 cr)
Code: TT00CG60-3003
General information
- Enrollment
-
02.07.2025 - 31.07.2025
Registration for introductions has not started yet.
- Timing
-
01.08.2025 - 31.12.2025
The implementation has not yet started.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Contact learning
- Unit
- Teknologia
- Teaching languages
- Finnish
- Degree programmes
- Bachelor’s Degree in Information and Communication Technology
Realization has 14 reservations. Total duration of reservations is 45 h 30 min.
| Time | Topic | Location |
|---|---|---|
|
Mon 08.09.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 15.09.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 22.09.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 29.09.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 06.10.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 20.10.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 27.10.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 03.11.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 10.11.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 17.11.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 24.11.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 01.12.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 08.12.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
|
Mon 15.12.2025 time 12:45 - 16:00 (3 h 15 min) |
DevSecOps TT00CG60-3003 |
TA13L114 Tekoäly
TA13L114 Tekoäly
|
Objective
At the end of the course student will:
Have a fundamental understanding of DevSecOps including common web application security issues, such as the OWASP Top 10, Linux security, how to use and implement DevSecOps tooling, and what key projects and organisations to reference so that student can understand and prioritise the most important issues found from your DevSecOps CI/CD pipelines.
Content
What DevOps is and how to get started.
What DevSecOps is and how to get started.
Explanations, hands-on demos and walkthroughs of important tools such as SAST, DAST and SCA.
Turn a DevOps pipeline into a DevSecOps pipeline (GitLab YAML pipelines examples with YAML provided).
Explanation of penetration testing and vulnerability assessments and how they align with DevSecOps.
Key security principles explained such as CIA triad, OAuth, defence in depth and least privilege.
Key security organisations such as OWASP, CIS, and CISA.
Key security projects such as OWASP Top 10 2021, OWASP ZAP, OWASP ASVS, CVE’s, CVSS.
Common web application security issues will also be covered.
Linux security fundamentals covering topics such as sudo, SSH, file permissions, updates and more.
Docker explained, hands-on demos including how to build your own containers and recommendations to ensure they are running securely (also includes downloadable source code to build your own Docker container to test yourself!).
Terraform explained, hands-on demos and recommendations to ensure it is implemented securely.
Materials
This course will cover basic elements of DevSecOps. The course is made up of hands-on demos, reading material, quizzes and some presentations. The course also includes source code and links to all of the tools and sites mentioned so students can use on their local environment.
Evaluation scale
0 - 5
Assessment criteria, fail (0)
The student does not know how to perform vulnerability testing of a software development project based on CI/CD pipeline tests according to the DevSecOps process.
Assessment criteria, excellent (5)
The student knows how to independently implement a software development project based on CI/CD pipeline tests according to the DevSecOps process, knows how to write CI/CD pipeline test cases, knows how to use different testing methods and knows how to analyze test results. The student understands and prioritizes the most important problems found in DevSecOps CI/CD pipeline tests.
The student can also document, report test results and present solutions that correct information security vulnerabilities.
Toteutuksen arviointikriteerit, hyvä (3-4)
The student knows how to implement a software development project based on CI/CD pipeline tests according to the DevSecOps process, knows how to write CI/CD pipeline test cases. The student understands the problems of DevSecOps CI/CD pipeline tests.
The student can also document, report test results and present solutions that correct information security vulnerabilities.
Assessment criteria, satisfactory (1)
The student can implement a ready-made software development project based on CI/CD pipeline tests according to the DevSecOps process.
Prerequisites
Successful completion of the Fundamentals of Information Security and Cyber Security course
Objective
At the end of the course student will:
Have a fundamental understanding of DevSecOps including common web application security issues, such as the OWASP Top 10, Linux security, how to use and implement DevSecOps tooling, and what key projects and organisations to reference so that student can understand and prioritise the most important issues found from your DevSecOps CI/CD pipelines.
Execution methods
Downloadable source code so student can follow along with the hands-on demos locally or using virtual environment.
Links to all of the mentioned tools, projects and organisations so student can easily investigate and download any tools to student own local environment.
Multi choice end of module quizzes to help reinforce learning.
Accomplishment methods
Exercises, hands-on demos and projectswork.
Content
What DevOps is and how to get started.
What DevSecOps is and how to get started.
Explanations, hands-on demos and walkthroughs of important tools such as SAST, DAST and SCA.
Turn a DevOps pipeline into a DevSecOps pipeline (GitLab YAML pipelines examples with YAML provided).
Explanation of penetration testing and vulnerability assessments and how they align with DevSecOps.
Key security principles explained such as CIA triad, OAuth, defence in depth and least privilege.
Key security organisations such as OWASP, CIS, and CISA.
Key security projects such as OWASP Top 10 2021, OWASP ZAP, OWASP ASVS, CVE’s, CVSS.
Common web application security issues will also be covered.
Linux security fundamentals covering topics such as sudo, SSH, file permissions, updates and more.
Docker explained, hands-on demos including how to build your own containers and recommendations to ensure they are running securely (also includes downloadable source code to build your own Docker container to test yourself!).
Terraform explained, hands-on demos and recommendations to ensure it is implemented securely.
Qualifications
Successful completion of the Fundamentals of Information Security and Cyber Security course