About

As speed is becoming indispensable part of today’s business, security teams are challenged with ensuring security of applications that are shipped at a faster pace. Agile teams are mostly focused on working in shorter iterations and a security flaw or vulnerability could cause serious problems to the entire line of business. Integrating security in the fast paced Agile and DevOps environment comes with organizations challenges, tooling, and practice challenges that need to addressed together to get state of the art security in Agile Software Delivery. This course aims at a hands-on approach to propose solutions for the challenges with good practices, and tooling.

Course content

• Introduction of DevSecOps
• Then things called Continuous “Everything”
  • Continuous Integration, Deployment, Delivery, Security
• Hands on: Setting up practice labs
• Threat modelling in an iterative software development
  • Collaborative approaches to threat modelling
  • Hands on: Threat Modelling sample application
  • Good practices on the DOs and DONTs
• The organizations challenges
  • ‘N’ number of Strategic ways to run a Software Security Program
  • What’s your take?
• Understanding Complex Application Architectures
• Tooling Introduction
  • SAST, DAST, IAST/RASP
• The possible types of automation with tools
• When automation with tools doesn’t help?
• Hands on: Integrating SAST to the pipeline
• Hands on: Integrating DAST to the pipeline
• The OWASP projects to rescue
  • A crash course on the OWASP Top 10
  • OWASP ASVS project
  • OWASP ZAP project
• Hands on: Integrating Selenium or CodedUI to the DAST pipeline
• Hands on: Bundling security with Jenkins
• Hands on: False positive management
• Hands on: Custom security regression scripts
• Hands on: Application security monitoring with ELK stack
• Introduction to Web Application Firewalls
• Hands on: Docker Security

Outcome

• The many number of tools, techniques and practices that help integrate security in to DevOps
• Practical, hands on, and real world workshop enables learning by scripting and designing tests
• Being able to implement security tooling in to the DevOps pipeline
• Being able to implement security monitoring with Software Delivery
• Being able to drive or recommend Software Security program

Target Audience

Developers, Software Architects, Security Engineers, Operations engineers, DevOps Engineers, Security Consultants, DevOps consultants working in a DevOps environment.

 Missed the introduction?