During this intense two-day training, you start off with a punch in threat modeling to get a feeling for the importance of the vulnerabilities you find. After that, we dive deep into application security automation: starting with simple dependency checking and the basics of SAST, then moving on to various other scanners, after which we do hands-on vulnerability management with Git and tools like DefectDojo. The next day, we take the plunge into infrastructure security automation with a focus on platform security (Docker, host security) and take a look at identity and access management, secrets management and security monitoring (through ELK).
Is the Applied DevSecOps training right for me?
- Yes - if you work as an Operations specialist, as a member of an SRE team or as a member of a platform team
- Yes - if you work as a security professional
- Yes - if you want to find out how security in modern environments can scale up faster
- Yes - if you want to be able to detect and prevent common security pitfalls
What will I achieve by completing this training?
You will learn:
- The basics of DevSecOps and threat modeling
- How to look at the overall security of a system (e.g. the application and the underlying infrastructure)
- The basics of the various available security tooling: SAST, DAST, IAST, RASP, WAF, dependency checkers, vulnerability managers, vulnerability scanners, compliance automators
- The various techniques available to validate the security posture of your system
- The principles of immutable infrastructure in a security context
- The various challenges of scaling your security automation
- The basics of IAM and secrets management
You will gain experience in:
- Taking care of your third party vulnerabilities
- Analyzing the code of your application
- Working with DAST tools
- Secrets management
- Selecting and testing the right tools for security in your pipeline
What else should I know?
- Please bring a laptop with 8GB of RAM or more, 24GB of free hard drive space, and administrative access, with the possibility to run VMs using VirtualBox and Docker containers