Back To Schedule
Monday, July 2 • 8:00am - Wednesday, July 4 • 5:00pm
3 day Training: Practical DevSecOps: Continuous Security in the Age of Cloud LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Ever wondered how to handle deluge of security issues and reduce cost of fixing before software goes to production ? How unicorns like Google, Facebook, Amazon, Etsy handle security at scale?  In Practical DevSecOps training you will learn how to handle security at scale using DevSecOps practices. We will start off with the basics of the DevOps, DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration management, Infrastructure as code etc.,

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts and various OWASP tools like SKF, DefectDojo, Mod Security Core Rule Set. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learnt as part of the course.

We will also cover how to use static analysis (SAST), Dynamic Analysis (DAST), OS hardening, Security Dashboards and Vulnerability management as part of the Secure SDLC and how to select tools which fit your organization’s needs and culture.

After the training, the students will be able to successfully hack and secure applications before hackers do. The students will be provided with slides, tools and Virtual machines used during the course.

This course will cover the following DevSecOps topics and techniques:
1. Introduction to DevOps and DevSecOps:
2. DevSecOps Tools of the trade including DevSecOps Studio
3. Secure SDLC and CI/CD pipeline
4. Amazon Web Services and its various security features
5. Container (Docker) Security
6. Configuration/Secret Management and its Security
7. SAST (Static Analysis) in CI/CD pipeline
8. DAST (Dynamic Analysis) in CI/CD pipeline
9. Runtime Analysis( RASP, IAST) and how to select tools.
10. Infrastructure as Code and Its Security
11. Vulnerability Management with custom tools
12. Virtual Patching and Application Security Dashboards
13. Automate compliance activities to achieve PCI/DSS/HIPAA compliance

Who should attend:
This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments, like Security Professionals, Penetration Testers, Red Teamers, IT managers, Developers and DevOps Engineers.

The student should have some knowledge of basic linux commands like ls, cd, mkdir etc.,
The student should have some basic understanding of application Security vulnerabilities like OWASP Top 10.

avatar for Raghunath Gopinath

Raghunath Gopinath

Security Researcher
Raghu is an information security enthusiast and primarily focused on Application security services from past 7.9 years. He presently works on security automation using DevSecOps practices. Also, he is a founder of null Hyderabad chapter and one of the lead for null Singapore chapter... Read More →
avatar for Mohammed Imran

Mohammed Imran

Senior Security Engineer, ZenDesk
Mohammed “secfigo” Imran is a seasoned security professional with 8 years of experience in helping organizations with their Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs... Read More →

Monday July 2, 2018 8:00am - Wednesday July 4, 2018 5:00pm BST
Albert - 2nd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE