DevSecOps

NEW
1 Day

  • Create a security culture/mindset amongst the already integrated “DevOps” team.
  • Find and fix security bugs as early in SDLC as possible.
  • Promote the philosophy “security is everyone’s problem”.
  • Integrate all security software centrally and utilize the results more effectively.
  • Measure and shrink the attack surface.
HOW TO BOOK

Class Overview

Modern enterprises have been constantly implementing the technical and cultural changes required to adapt and embrace the DevOps methodology. The practice of DevSecOps extends DevOps by introducing security early into the SDLC process, thereby minimizing software vulnerabilities and enhancing its overall security posture. In this workshop, we will show how this can be achieved through a series of live demonstrations and practical examples.

As part of this workshop, the attendees will receive a state-of-the-art DevSecOps tool-chest comprising of various open-source tools and scripts to help the DevOps engineers in automating security within the CI/CD pipeline.

Class Details

The following topics, which encompass an entire Secure DevOps methodology, will be covered:

•  Introduction and overview of DevOps
•  The What and Why of DevSecOps?
•  Different Phases / Stages of DevSecOps
•  Security in Developer Workstations: Pre-Commit Hooks, IDE Plugins and more
•  Software Composition Analysis: weeding out insecure components
•  Infrastructure as a Code:
    •  Secure Container Orchestration,
    •  Docker/k8s Image Security
    •  Base OS Security
•  SAST – Static Application Security Testing
•  DAST – Dynamic Application Security Testing using open-source tools like ZAP and Arachni
•  Compliance as Code
•  Vulnerability Management and Tracking
•  Production Real-Time Alerting, Monitoring and Feedback to development cycle
•  DevSecOps vs. Pentesting
•  Next steps and how can Claranet help?

Prerequisites

Who Should Take This Class?

DevSecOps Workshop, which will give the target audience a holistic approach in assessing and securing the web applications in an automated fashion within the existing CI/CD pipeline, can be attended by DevOps engineers, security and solutions architects, system administrators and anybody who is willing to inject security aspects in their DevOps process.

Student Requirements

Our workshop will be delivered as an interactive session, so the attendees only need to carry a laptop with them. We also encourage the attendees to download and try the tools and techniques discussed during the workshop as the instructor is demonstrating it.

The attendees will receive a free “DevSecOps tool-chest” (designed by the NotSoSecure team) which can be directly implemented in most of the CI/CD pipelines.

Upcoming Classes

March 25, 2019

Leeds Marriott Hotel, Leeds, UK

More information

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.


Download the NotSoSecure Hacking Classes Brochure

Beginner Friendly

Hacking 101

The Art of Hacking

The Art of Hacking

=

Infrastructure Hacking

+

Web Hacking

Specialist Offensive Classes

2019 Edition

Advanced Infrastructure Hacking

2019 Edition

Advanced Web Hacking

NEW

Hacking and Securing Cloud Infrastructure

Specialist Defence Classes

AppSec for Developers

NEW

DevSecOps

Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.


UNITED KINGDOM

REST OF THE WORLD