DevSecOps - Automating Security in DevOps at Global AppSec

Date: 

Sep 11 2019 - 09:00

Venue: 

Washington Marriott Wardman Park Hotel, Washington, D.C.

Event type: 

Global AppSec - DC is coming September 9-13, 2019 to the Washington Marriott Wardman Park Hotel in the nation’s capital. Formerly known as Global AppSec US, this week long event is the largest gathering for the open security community in North America. Designed for private and public sector infosec professionals, the OWASP three day training and two-day conference equips developers, defenders, and advocates to build a more secure web.

Claranet Cyber Security and NotSoSecure are running a course on DevSecOps - Automating Security in DevOps.

1-day course - 11th September 2019

Instructors: Rohit Salecha

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology. DevSecOps extends DevOps by introducing security early into the SDLC process, thereby minimizing the security vulnerabilities and enhancing the software security posture. In this workshop, we will show how this can be achieved through a series of live demonstrations and practical examples using open source tools.

As part of this workshop attendees will receive a state-of-the-art DevSecOps tool-chest comprising of various open-source tools and scripts to help the DevOps engineers in automating security within the CI/CD pipeline. While the workshop uses Java/J2EE framework, the workshop is language agnostic and similar tools can be used against other application development frameworks. The workshop will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

Who should take this course
The DevSecOps workshop will give the audience a holistic approach in assessing and securing the web applications in an automated fashion within the existing CI/CD pipeline, ideal for DevOps engineers, security and solutions architects, system administrators and anybody who is willing to inject security aspects in their DevOps process.

Student requirements
Our workshop is an interactive session, so the attendees only need to carry a laptop with them. We also encourage the attendees to download and try the tools and techniques discussed during the workshop as the instructor is demonstrating it.

What students should bring
A Laptop with Wifi connectivity and admin privileges.

What students will be provided with
The attendees will also receive a free DevSecOps tool-chest (designed by the NotSoSecure team) which can be directly implemented in most CI/CD pipelines.