AppSecOps Training icon

AppSecOps Training

Our suite of defensive courses are aimed at helping Developers understand and mitigate application security vulnerabilities.

A 4 day course to help you to understand and mitigate application security vulnerabilities, combining our DevSecOps and AppSec for Developers courses

AppSec for Developers

AppSec for Developers

This class has being written due to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities.

Learn more

DevSecOps

DevSecOps

DevSecOps extends DevOps by introducing security early into the SDLC process, thereby minimizing the security vulnerabilities and enhancing the software security posture.

Learn more

Upcoming events:

  • Overview
  • Details
  • Pre-requisites & Audience
  • PDF Download

Outline of the course:

Application Security testing (Also known as whitebox testing) as an activity tends to capture security vulnerabilities at the end of the SDLC and is often too late to be able to influence fundamental changes in the way code is written.

If you are a developer who requires mitigation strategies or fails to understand issues like Cross-Site Scripting, XML, External Entity attacks, Deserialization issues, Content-Security Policy and many more application security vulnerabilities and their remediation then this class is for you!

If you are Manager responsible for handling a development team and would like to give a good dose of security knowledge so that you can avoid application security bugs in your code, then you are at the right place!

If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you on how to metamorphose your DevOps to DevSecOps. If you would like to avoid breaches like that of Equifax, then sign up now!

Length of course:

A four day course

The class covers the following modules:

Day 1

  • Application Security Basics
  • Understanding HTTP protocol
  • Security Misconfigurations
  • Insufficient Logging and Monitoring
  • Authentication Flaws
  • Authorization Bypass
  • Cross Site Scripting (XSS)

Day 2

  • Cross Site Request Forgery (CSRF)
  • Server-Side Request Forger
  • SQL Injection
  • XML External Entity (XXE) Attacks
  • Insecure File Uploads
  • Deserialization Vulnerabilities
  • Client-Side Security
  • Source Code Review

Day 3

  • Introduction and overview of DevOps
  • What and Why of DevSecOps?
  • Integrating Security in CI/CD
  • Vulnerability Management using Archerysec
  • Secret Management using Vault, Jenkins and Docker Secrets
  • Security in Developer Workstations: Pre-Commit Hooks using Talisman
  • Software Composition Analysis using Dependency-Checker
  • SAST – Static Application Security Testing using FindSecBugs
  • DAST – Dynamic Application Security Testing using ZAP
  • Security in Infrastructure as a Code using Clair
  • Automated Vulnerability Assessment using OpenVAS
  • Compliance as Code using Inspec
  • Monitoring and Feedback using Modsecurity WAF
  • DevSecOps in AWS
  • Challenges in DevSecOps
  • DevSecOps Enablers

Audience

  • Any person who wishes to learn about application security vulnerabilities and understand more about their impact
  • Developers who create web applications in any language can attend
  • Any technical person having a basic knowledge of how web applications work or is responsible for Implementing, managing or protecting web applications
  • Any DevOps engineer looking to automate security

Requirements

The only requirement for this class is that you bring your own laptop with minimum version JDK 8.0 installed with administrator rights and lots of caffeine!

Download

Download PDF

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Enquire about your training

We provide training directly (remote or in person) and also work with a range of training partners in different locations around the globe for classroom or remote training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

Our accreditations

Crest
Check penetration testing
Cyber essentials
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation