AppSecOps

  • Understand what application security vulnerabilities are and their trends
  • Gain an insight into their impact through practical demonstrations
  • Learn how to fix/avoid them by discussing various strategies, best practices, code snippets and tools
  • Learn how to inject Security into your DevOps pipeline to automate security and develop a DevSecOps pipeline

Class Overview

Application security testing (also known as whitebox testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.

If you are a developer who requires mitigation strategies or fails to understand issues like Cross-Site Scripting, XML External Entity attacks, Deserialization issues, Content-Security Policy and many more application security vulnerabilities and their remediation, then this class is for you!

If you are a manager responsible for a development team and would like to give it a good dose of security knowledge so that you can avoid application security bugs in your code, then you are in the right place!

If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you how to metamorphose your DevOps into DevSecOps. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!

Class Details

This class covers the following modules:

Day 1

Application Security Basics
Understanding HTTP protocol
Security Misconfigurations
Insufficient Logging and Monitoring
Authentication Flaws
Authorization Bypass
Cross Site Scripting (XSS)

Day 2

Cross Site Request Forgery (CSRF)
Server-Side Request Forgery
SQL Injection
XML External Entity (XXE) Attacks
Insecure File Uploads
Deserialization Vulnerabilities
Client-Side Security
Source Code Review

Day 3

Introduction and overview of DevOps
What and Why of DevSecOps?
Integrating Security in CI/CD
Vulnerability Management using Archerysec
Secret Management using Vault, Jenkins and Docker Secrets
Security in Developer Workstations: Pre-Commit Hooks using Talisman
Software Composition Analysis using Dependency-Checker
SAST – Static Application Security Testing using FindSecBugs
DAST – Dynamic Application Security Testing using ZAP
Security in Infrastructure as Code using Clair
Automated Vulnerability Assessment using OpenVAS
Compliance as Code using Inspec
Monitoring and Feedback using Modsecurity WAF
DevSecOps in AWS
Challenges in DevSecOps
DevSecOps Enablers

Prerequisites

Who Should Take This Class?

• Any person who wishes to learn about application security vulnerabilities and understand more about their impact
• Developers who create web applications in any language can attend
• Any technical person who has a basic knowledge of how web applications work or is responsible for implementing, managing or protecting web applications
• Any DevOps engineer looking to automate security

Student Requirements

The only requirement for this class is that you bring your own laptop with administrator rights and JDK 8.0 or later installed, and lots of caffeine!

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.


Beginner Friendly

• Hacking 101
• The Art of Hacking = Infrastructure Hacking + Web Hacking

Specialist Offensive Classes

• Advanced Infrastructure Hacking (2019 Edition)
• Advanced Web Hacking (2019 Edition)
• Hacking and Securing Cloud Infrastructure (NEW)

Specialist Defence Classes

• AppSec for Developers (2019 Edition)
• DevSecOps (NEW)
• AppSecOps (NEW)

Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.

