Ever wondered how to handle the deluge of security issues and reduce cost of fixing before software goes to production? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale? In our Practical DevSecOps training you will learn how to handle security at scale using DevSecOps practices. We will start oﬀ with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Conﬁguration management and Infrastructure as code.
The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an comprehensive and in-depth understanding of the concepts learnt as part of the course. We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening and Security Monitoring as part of the Secure SDLC and how to select tools which fit your organisation needs and culture. After the training, the students will be able to successfully hack and secure applications before hackers do.
This course is aimed at anyone who is trying to embed security as part of agile/cloud/DevOps environments like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.
The student should have basic understanding of
|Introduction to DevOps and DevSecOps|
|DevSecOps Tools of the trade including DevSecOps Studio|
|Secure SDLC and CI/CD pipeline|
|SAST (Static Analysis) in CI/CD pipeline|
|DAST (Dynamic Analysis) in CI/CD pipeline|
|Infrastructure as Code and Its Security|
|Automation of compliance activities to achieve PCI/DSS/HIPAA compliance|
|Basics of Cloud Computing (IaaS, PaaS, SaaS)|
|Shared Security Model in the Cloud|
|Compliance and Legal Issues in the Cloud.|
|AWS vs GCP vs Azure|
|Introduction to AWS Services (EC2, CloudWatch, CloudTrail, Lambda and many more) and their use cases|
|VPC and Security Groups|
|Typical Deployment strategies on the Cloud|
|Secure your cloud infrastructure (AWS)|
|Container (Docker) Security|
|Runtime Analysis( RASP, IAST) and how to select tools|
|Strategies to implement DevSecOps on cloud and on premise|
|Vulnerability Management with custom tools|
|Security Champions program and DevSecOps|
Please complete your registration on Eventbrite by selecting the ticket ‘Practical DevSecOps – Continuous Security in the age of Cloud + Regular 2-Day Pass’Register now
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.