1 day DevSecOps training class
Brand new for 2019, this one day course delves into DevSecOps and explores how introducing security early into the SDLC process enables you to minimize software vulnerabilities and enhance your security posture. The workshop is an interactive day comprising of live demonstrations and practical examples, building your skills in a sophisticated hack-lab with access to a state of the art DevSecOps tool-chest.
The course is available directly from Claranet Cyber Security or you can book through one of our partners. The course is now available as live, online training and can be delivered for you individually or for your company. Contact us below with your requirements.
- Pre-requisites & Audience
- Brochure Download
Modern enterprises have been constantly implementing the technical and cultural changes required to adapt and embrace the DevOps methodology. The practice of DevSecOps extends DevOps by introducing security early into the SDLC process, thereby minimizing software vulnerabilities and enhancing its overall security posture. In this workshop, we will show how this can be achieved through a series of live demonstrations and practical examples.
As part of this workshop, the attendees will receive a state-of-the-art DevSecOps tool-chest comprising of various open-source tools and scripts to help the DevOps engineers in automating security within the CI/CD pipeline. While the workshop uses Java/J2EE framework, the workshop is language agnostic and similar tools can be used against other application development frameworks.
The following topics, which encompass an entire Secure DevOps methodology, will be covered:
- Introduction and overview of DevOps
- The What and why of DevSecOps?
- Integrating Security in CI/CD
- Vulnerability Management using Archerysec
- Secret Management using Vault, Jenkins and Docker Secrets
- Security in Developer Workstations: Pre-Commit Hooks using Talisman
- Software Composition Analysis using Dependency-Checker
- SAST – Static Application Security Testing
- DAST – Dynamic Application Security Testing using open-source tools like ZAP and Arachni
- Compliance as Code
- Security in Infrastructure as a Code using Clair
- Production Real-Time Alerting and Monitoring using Modsecurity WAF
- DevSecOps in AWS
- Challenges in DevSecOps
- DevSecOps Enablers
DevSecOps Workshop, which will give the target audience a holistic approach in assessing and securing the web applications in an automated fashion within the existing CI/CD pipeline, can be attended by DevOps engineers, security and solutions architects, system administrators and anybody who is willing to inject security aspects in their DevOps process.
Our workshop will be delivered as an interactive session, so the attendees only need to carry a laptop with them with Wifi connectivity and admin privileges. We also encourage the attendees to download and try the tools and techniques discussed during the workshop as the instructor is demonstrating it.
The attendees will receive a free “DevSecOps tool-chest” (designed by the NotSoSecure team) which can be directly implemented in most of the CI/CD pipelines.
Book your training
We provide training directly (remote or in person) and also work with a range of training partners in different locations around the globe for classroom or remote training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.
The course can also be booked directly through our accredited training partners.
Other courses part of our ethical Hacking Training
Lab-based training - written by BlackHat trainers.
Classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure / web applications as a day job and wish to add to their existing skill set.