Skip to content

Devsecops

Public syllabus for 2025-2026

Academic overview

Programme
AIDC
Period
Year 1, Semester 2
Credits
6
Weeks
14

Teaching team

Course coordinator
Seminar coordinators
Valentin Bîrdeanu

Learning time distribution

Total
Curriculum Lecture Practice Total Weekly Lecture Practice
42 28 14 3 2 1
Exam hours
7
Individual Study Bibliography study Field study Homework Tutoring Others
101 40 36 18 7 0
Overall
150

Learning outcomes

Knowledge

  • C1. Fundamentals of DevSecOps principles
  • C2. Knowledge of DevSecOps stages

Skills

  • A1. Ability to understand DevSecOps requirements
  • A2. Ability to identify solutions and tools required in a specific DevSecOps stage
  • A3. Ability to apply DevSecOps principles

Responsibility

  • R1. Implement DevSecOps mechanisms in a specific stage
  • R2. Ability to assess and improve existing DevSecOps or DevOps implementations

Online platform

https://classroom.google.com/c/NzkzNjU4MTEzMDEw?cjc=yqyspcot

Course content

Content Methods Obs
C1. Introduction to DevOpsDevOps compared to other frameworks. Introduction to DevSecOpsDevSecOps compared to DevOpsReal life use cases Lecture, conversation, exemplification
C2. Git, GithubWhat is versioning controlGit in projectsCLI commandsRepositoryBranching / merging / pull requestsContinuous IntegrationContinuous Deployment Lecture, conversation, exemplification
C3. TestingTesting strategiesUnit testing Selenium testingBuild testing Lecture, conversation, exemplification
C4. DockerIntroduction to container registries and DockerHubDockerfile structure and instructionsBuild a Docker imageRun a Docker containerSecure a docker imageUse docker-compose for multi container deploymentsContainer networkingContainer persistent volumes Lecture, conversation, exemplification
C5. KubernetesIntroduction to KubernetesKubernetes deploymentsKubernetes ServicesKubernetes SSL IngressDeploy a Docker image to KubernetesUpdate a Kubernetes deployment Lecture, conversation, exemplification
C6. Software Development Lifecycle and DevSecOps maturity modelPlanning, analysis, design, implementation, testing & integration, maintenanceA dive into the 17 sub-dimensions of DevSecOps OWASP Maturity Model Lecture, conversation, exemplification
C7. Static Component AnalysisStatic Application SecurityWorking with SonarQubeDynamic Application Security Lecture, conversation, exemplification
C8. Infrastructure as a Code introductionIntroduction to TerraformCreating a DevSecOps infrastructure using TerraformConfigure self-hosted GitHub runners Lecture, conversation, exemplification
C9. Infrastructure as a Code securityCodified security - how to write secure infrastructure as a code template, before deploymentHow to work with 3rd party solutions for IaC SecurityTreating vulnerabilities identified by IaC Security tools Lecture, conversation, exemplification
C10. Monitoring and MeasurementInstallation & administration of Grafana and Prometheus.Monitoring configurationPushing MetricsQuerying dataSetting up AlertsUse cases Lecture, conversation, exemplification
C11. Security through LogsWorking with SplunkDeployment of Splunk Universal ForwardersConfiguration of Splunk agentsConfiguration of Splunk indexesCreating Splunk queries and reportsSplunk architecture review Lecture, conversation, exemplification
C12. Secure application developmentDevelop a secure application and submit it to a DevSecOps pipelinePython programming languageFlask API frameworkMySQL databaseREST API architectureLogging your application Lecture, conversation, exemplification
C13. Planning and designingPlanning tasks and project tasks using JiraUse cases for JiraInstallation and configuration of JiraJira terminologiesWorking with Jira ProjectsUsing subtasksLink issuesPlatform interaction Lecture, conversation, exemplification
C14. Wrap Up & Final Projects ReviewReal-world Case StudiesFinal projects presentation & review Lecture, conversation, exemplification

Course bibliography

Bibliography:

Seminar content

Content Methods Obs
L1. Settings up a local development environment using Visual Studio CodeInstalling Visual Studio Code extensionsCreating Github account and linking with VSCCreate a project, submit commits, resolve an issue and close Pull Request Slide deck, conversation, learning together, practical hands-on.
L2. More Git commands (merge, stash, revert, etc.)Develop a continuous integration pipeline for a template applicationDevelop a continuous deployment pipeline for a template application Slide deck, conversation, learning together, practical hands-on.
L3. Develop a testing suite for a template applicationRun multiple testing strategiesAnalyze testing reports and solve multiple tasks Slide deck, conversation, learning together, practical hands-on.
L4. Dockerize a template applicationWrite a base imageCreate a docker-compose deployment file, using 2 custom and 1 existing imageUsing docker-compose networking and persistent volumes Slide deck, conversation, learning together, practical hands-on.
L5. Analyze a Kubernetes master components: Kube-apiserverEtcdKube-schedulerkube-controller-managerUnderstanding kubernetes nodes: KubeletKube-proxy container runtimeWorking with Kubernetes Addons:web ui, container resource monitoring, cluster-level loggingDeploy a Dockerized application Kubernetes.Deploy a Kubernetes deploymentWorking with Kubernetes services Slide deck, conversation, learning together, practical hands-on.
L6. Review-Dockerize a template applicationConvert docker-compose to Kubernetes deploymentFix potential Kubernetes bugsRunning an end-to-end deployment, together with automated code testing Slide deck, conversation, learning together, practical hands-on.
L7. Scanning external libraries in a template project. Removing potential security vulnerabilities from the projectConfiguring SAST for a template project. Configure DAST for a template project.Automate the process using DevSecOps CI/CD pipelines Slide deck, conversation, learning together, practical hands-on.
L8. Installing Terraform SDKWriting Terraform templatesDeploy Terraform infrastructure Update your configuration with more resourcesTerraform Providers, Functions, Variables and Resource creation Slide deck, conversation, learning together, practical hands-on.
L9. Test Terraform files for security vulnerabilities in VSCTest TF files for security vulnerabilities in the build pipelineRunning Enterprise level solutions for testing your infrastructure as a code deploymentWorking with security vulnerabilities reports Slide deck, conversation, learning together, practical hands-on.
L10. Installing and administration of Grafana and PrometheusConfiguring solutionsPushing metrics, query data, set up alertsCreating custom dashboards Slide deck, conversation, learning together, practical hands-on.
L11. Installation of SplunkCreating Splunk ForwardersSplunk administrationConfiguration of Splunk AgentsCreating Splunk queriesRunning automatic Splunk reportsSplunk custom DashboardsSplunk applications Slide deck, conversation, learning together, practical hands-on.
L12. DevSecOps implementation, P1Create a Python application using Flask framework.Create Github repositoryDevelop Dockerfile and Kubernetes deploymentRun locally Slide deck, conversation, learning together, practical hands-on.
L.13 DevSecOps implementation, P2Create testing suiteAutomatically run tests when a new push is committedAutomatically push deployment to a Kubernetes cluster (locally / cloud) Slide deck, conversation, learning together, practical hands-on.
L.14 DevSecOps implementation, P3Implement application monitoring logging solution and save data in SplunkVisualize infrastructure logs in a separate deployment of Grafana and Prometheus Slide deck, conversation, learning together, practical hands-on.
Bibliography:

Seminar bibliography

Class contents correspond to the curricula of other universities, from inside the country or from the European Union. The practical contents (laboratory works) correspond to the local labor market requirements. /Conținutul disciplinei corespunde curriculei din alte centre universitare, din țară sau Uniunea Europeană. Conținuturile practice (lucrări de laborator) corespund cerințelor de pe piața muncii locală. The content is in line with the structure of similar courses at other universities and covers aspects necessary for familiarization to DevSecOps principles and relevant cybersecurity mechanism during application development lifecycle. The ability to understand modern application development lifecycle is a main component of developing a career in Cybersecurity as a specialized DevSecOps engineer. Once this course is passed, the candidate will possess highly specialized knowledge regarding DevSecOps.

Corroboration

(none)

AI tools guidance

(none)

Evaluation and delivery

Activity Criteria Methods Percentage
C
  • Ability to understand cloud concepts
  • Ability to understand cloud security concepts
  • Capacity to identify security vulnerabilities and propose potential security measures and processes
  • Written test and/or oral exam
  • during the exam session
  • 45.0%
S
  • Ability to assess a presented cloud environment security posture
  • Written test and/or oral exam during the exam session
  • 30.0%
S
  • Ability to implement specific security mechanism in an existing public or private cloud
  • Lab activity
  • 25.0%

Performance standards

Basic Dev(Sec)Ops concepts, successfully operate some of the tools presented in the course, e.g. docker cli, kubectl / kubernetes clis / ui-s, splunk, grafana, git cli / web ui

Additional info

-