Practical DevSecOps – Continuous Security in the age of cloud

WHEN

25-27 Feb 2019

WHERE

Singapore

PRICE

$3,900 SGD (Early Bird)

2-in-1 Package: Booking of this course includes a complimentary 2-day conference pass for DevSecCon Singapore (28 Feb - 01 Mar 2019)!

We all have heard about DevSecOps, Shifting Left, Rugged DevOps but there are no clear examples or frameworks available for security professionals to implement in their organisation. This hands-on course will teach you exactly that, tools and techniques to embed security as part of the DevOps pipeline. We will learn how unicorns like Google, Facebook, Amazon, Etsy handle security at scale and what we can learn from them to mature our security programs.

Training Objectives

Ever wondered how to handle the deluge of security issues and reduce cost of fixing before software goes to production? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale? In our Practical DevSecOps training you will learn how to handle security at scale using DevSecOps practices. We will start o with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration management and Infrastructure as code.

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an comprehensive and in-depth understanding of the concepts learnt as part of the course. We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening and Security Monitoring as part of the Secure SDLC and how to select tools which fit your organisation needs and culture. After the training, the students will be able to successfully hack and secure applications before hackers do. 

Who should attend

This course is aimed at anyone who is trying to embed security as part of agile/cloud/DevOps environments like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.

Prerequisites

The student should have basic understanding of

  1. Linux commands like ls, cd, mkdir etc.,
  2. Application security vulnerabilities like OWASP Top 10

Software and Hardware Requirements

  1. Laptop with at least 8GB of RAM, 60GB free hard disk, able to run 3 Virtual machines simultaneously
  2. Administrator access to install software

What students will be provided with

  1. Training slides
  2. Tools, software and utilities used during the course
  3. DevSecOps Studio Virtual machine setup

Course outline

DAY 1
Introduction to DevOps and DevSecOps
DevSecOps Tools of the trade including DevSecOps Studio
Secure SDLC and CI/CD pipeline
SAST (Static Analysis) in CI/CD pipeline
DAST (Dynamic Analysis) in CI/CD pipeline
Infrastructure as Code and Its Security
Automation of compliance activities to achieve PCI/DSS/HIPAA compliance
DAY 2
Basics of Cloud Computing (IaaS, PaaS, SaaS)
Shared Security Model in the Cloud
Compliance and Legal Issues in the Cloud.
AWS vs GCP vs Azure
Introduction to AWS Services (EC2, CloudWatch, CloudTrail, Lambda and many more) and their use cases
VPC and Security Groups
Typical Deployment strategies on the Cloud
DAY 3
Secure your cloud infrastructure (AWS)
Container (Docker) Security
Runtime Analysis( RASP, IAST) and how to select tools
Strategies to implement DevSecOps on cloud and on premise
Vulnerability Management with custom tools
Security Champions program and DevSecOps

Register now

SINGAPORE | 25-27 FEB 2019

$3,900 SGD – Early Bird price offer ends on 31 Dec 2019 (Regular price $4,200 SGD)

2-in-1 Package: Booking of this course includes a complimentary 2-day conference pass for DevSecCon Singapore (28 Feb - 01 Mar 2019)!

Payment methods

Pay by card (Eventbrite)

Please complete your registration on Eventbrite by selecting the ticket ‘Practical DevSecOps – Continuous Security in the age of Cloud + Regular 2-Day Pass’

Register now

Pay by bank transfer (invoice)

Terms & Conditions *

About the trainers

IMRAN MOHAMMED
DevSecOps Expert, Teachera

Mohammed A. “secfigo” Imran is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking in conferences like Blackhat, DevSecCon, Null and OWASP chapters.

twitter-iconlinkedin-icon

RAGHUNATH G
DevSecOps Expert, Teachera

Raghu is an information security enthusiast, works as an Senior Security Engineer and primarily focused on Application security. He is also a chapter lead for null singapore and hyderabad chapters. Raghu has a history of performing penetration testing, source code review, architecture analysis and creating information security awareness across the security community.

linkedin-icon

Enquire now

Send us a message to find out more about our courses



I'm interested in: Real-World SecuritySecurity in the CloudDocker Security and Orchestration WorkshopPractical DevSecOps - Continuous Security in the age of cloud

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Got it!" below then you are consenting to this.

Close