During this intensive 2-day training, you start off with a punch in threat modeling to get a feeling for the importance of the vulnerabilities you find. After that, we deep-dive into application security automation: starting with simple dependency checking and the basics of SAST, then going deeper into various other scanners, after which we do hands-on vulnerability management with Git and tools like DefectDojo. The next day, we take the plunge into infrastructure security automation with a focus on platform security (Docker, host security) and take a look at identity & access management, secrets management and security monitoring (through ELK).
Is the Applied DevSecOps training right for me?
- Yes - if you work as an Operations specialist, as a member of an SRE team or as a member of a platform team
- Yes - if you work as a security professional
- Yes - if you want to find out how security in modern environments can scale up faster
- Yes - if you want to be able to detect and prevent common security pitfalls
What will I achieve by completing this training?
You will learn:
- The basics of DevSecOps and threat modeling
- How to look at the overall security of a system (e.g. the application and the underlying infrastructure)
- The basics of the various available security tooling: SAST, DAST, IAST, RASP, WAF, dependency checkers, vulnerability managers, vulnerability scanners, compliance automators
- The various techniques available to validate the security posture of your system
- The principles of immutable infrastructure in a security context
- The various challenges of scaling your security automation
- The basics of IAM and secrets management
You will gain experience in:
- Taking care of your third party vulnerabilities
- Analyzing the code of your application
- Working with DAST tools
- Secrets management
- Selecting and testing the right tools for security in your pipeline
What else should I know?
- Please bring a laptop with 8GB RAM or more, 24GB of free hard drive space and administrative access with the possibility to run VMs using VirtualBox and Docker containers
Note that both the application layer and the infrastructure layer are covered, but not in real depth; for that, we have the 2-day “security automation” courses, which cover these subjects in depth.