AppSec Europe 2018 has ended
***Content is subject to change.***
Monday, July 2 • 8:00am - Wednesday, July 4 • 5:00pm
3 day Training: Practical DevSecOps: Continuous Security in the Age of Cloud

Ever wondered how to handle the deluge of security issues and reduce the cost of fixing them before software goes to production? How do unicorns like Google, Facebook, Amazon and Etsy handle security at scale? In the Practical DevSecOps training you will learn how to handle security at scale using DevSecOps practices. We will start with the basics of DevOps and DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, configuration management and Infrastructure as Code.

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts, and various OWASP tools like SKF, DefectDojo and the ModSecurity Core Rule Set. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learnt as part of the course.

We will also cover how to use static analysis (SAST), dynamic analysis (DAST), OS hardening, security dashboards and vulnerability management as part of the Secure SDLC, and how to select tools which fit your organization’s needs and culture.

After the training, the students will be able to successfully hack and secure applications before hackers do. The students will be provided with the slides, tools and virtual machines used during the course.

This course will cover the following DevSecOps topics and techniques:
1. Introduction to DevOps and DevSecOps
2. DevSecOps Tools of the trade including DevSecOps Studio
3. Secure SDLC and CI/CD pipeline
4. Amazon Web Services and its various security features
5. Container (Docker) Security
6. Configuration/Secret Management and its Security
7. SAST (Static Analysis) in CI/CD pipeline
8. DAST (Dynamic Analysis) in CI/CD pipeline
9. Runtime Analysis (RASP, IAST) and how to select tools
10. Infrastructure as Code and its Security
11. Vulnerability Management with custom tools
12. Virtual Patching and Application Security Dashboards
13. Automate compliance activities to achieve PCI/DSS/HIPAA compliance

Who should attend:
This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments, like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.

Prerequisites:
The student should have some knowledge of basic Linux commands like ls, cd, mkdir etc.
The student should have some basic understanding of application security vulnerabilities like the OWASP Top 10.

Speakers
Raghunath Gopinath

Security Researcher
Raghu is an information security enthusiast who has primarily focused on application security services for the past 7.9 years. He presently works on security automation using DevSecOps practices. He is also a founder of the null Hyderabad chapter and one of the leads for the null Singapore chapter...
Mohammed Imran

Senior Security Engineer, ZenDesk
Mohammed “secfigo” Imran is a seasoned security professional with 8 years of experience in helping organizations with their Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs...


Monday July 2, 2018 8:00am - Wednesday July 4, 2018 5:00pm BST
Albert - 2nd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE