Application security testing (also known as whitebox testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.
If you are a developer who needs mitigation strategies for, or does not yet understand, issues like Cross-Site Scripting, XML External Entity attacks, deserialization issues, Content Security Policy and many other application security vulnerabilities and their remediation, then this class is for you!
If you are a manager responsible for a development team and would like to give it a good dose of security knowledge so that application security bugs can be avoided in your code, then you are at the right place!
If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you how to metamorphose your DevOps into DevSecOps. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!
This class covers the following modules:
• Application Security Basics
• Understanding the HTTP Protocol
• Insufficient Logging and Monitoring
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Server-Side Request Forgery (SSRF)
• XML External Entity (XXE) Attacks
• Insecure File Uploads
• Source Code Review
• Introduction and Overview of DevOps
• What and Why of DevSecOps?
• Integrating Security in CI/CD
• Vulnerability Management using ArcherySec
• Secret Management using Vault, Jenkins and Docker Secrets
• Security in Developer Workstations: Pre-Commit Hooks using Talisman
• Software Composition Analysis using Dependency-Check
• SAST – Static Application Security Testing using FindSecBugs
• DAST – Dynamic Application Security Testing using ZAP
• Security in Infrastructure as Code using Clair
• Automated Vulnerability Assessment using OpenVAS
• Compliance as Code using InSpec
• Monitoring and Feedback using ModSecurity WAF
• DevSecOps in AWS
• Challenges in DevSecOps
• Any person who wishes to learn about application security vulnerabilities and understand more about their impact
• Developers who create web applications in any language can attend
• Any technical person with a basic knowledge of how web applications work, or who is responsible for implementing, managing or protecting web applications
• Any DevOps engineer looking to automate security
The only requirement for this class is that you bring your own laptop with JDK 8.0 or later installed, administrator rights, and lots of caffeine!
3–5 March 2020
Goa, India
Lab-Based Training - Written by BlackHat Trainers - Available Globally
NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.
Working exclusively with three training delivery partners, NotSoSecure Hacking Training is available around the world.