DevSecOps Training

Course Details

You will be able to:

Our interactive course format enables you to get hands on throughout the session, including:

• Running different tools and testing them against realistic use cases in your own dedicated lab
• Automating code reviews to check software for vulnerabilities
• Modelling a Secure by Design environment module by module
• Discussing how to embed the human and cultural aspects of DevSecOps

You will receive:

This course uses a Defense by Offence methodology based on real world offensive research (nottheory). That means everything we teach has been tried and tested, either on a live environment or inour labs, and can be applied (by you) once the course is over. By the end of the course, you’ll know:

• How cyber criminals and penetration testers exploit insecure DevOps practices
• Exactly where to start when shifting from DevOps to DevSecOps
• How to use Talisman to create pre-commit hooks to lower the chance of credentials and other secrets being exposed during development
• How to automate security into a fast-paced DevOps environment using various opensource tools and scripts that don’t slow down delivery
• How to secure your methodology for managing and delivering Infrastructure as Code (IaC)
• How to use the Elastic (ELK) Stack to monitor your applications’ behaviors with logs and alerts
• How to achieve DevSecOps in cloud native AWS
• What challenges to expect when moving to a DevSecOps model and how to overcome them
• How to mature your DevSecOps approach over time

Why it is relevant

This course was met with an incredible response when we delivered it at OWASP’s 2022 AppSec Days Developer Security Summit. Despite growing awareness around the need to shift security left, speed of development is still taking precedent over risk in many organizations, leaving security behind with every deploy. Moving from DevOps to DevSecOps without slowing down is a real challenge. You need to know which tools to use, what processes to put in place and how to govern them, and how change the culture of development at the people level. Maybe most importantly, you need to know where to start.

Our DevSecOps course syllabus responds to that challenge by:

• Covering the most recognized (and effective) DevSecOps tools, so you can put them into practice.
• Showing you how you to maintain automation and speed without compromising security.
• Addressing the challenges that teams often come up against, so you can prepare to do the same.
• Tackling DevSecOps in the cloud to help you adapt your approach for different environments.
• Acknowledging and responding to the security skills gap that exists in most development teams.
• Covering everything that DevSecOps stakeholders need to know (not just the development aspect)

What you can take away from the course:

• Hands-on experience with DevSecOps tools to help you learn what they do and how to use them
• Working knowledge of how to implement these security tools and other practices in your DevOps pipeline
• An offline lab setup, which you can replicate on your own computer to create and practice in the same environment in your own time (we will provide a folder and instructions for setup on Linux/MAX or Windows)

Details of the course content:

What you will get

• Certificate of completion
• Your own offline lab setup to use after the course
• 8 Continuing Professional Education (CPE) credits awarded per day of training fulfilled.
• Learning pack, including question & answer sheets, setup documents, and command cheat sheets

Course highlights

What delegates love:

• Offensive angle: you’ll learn from practicing penetration testers and red teamers with working knowledge of the latest and most common software hacks.
• Browser based:the course has no software dependency and requires no installations, making it fast to get set up and easier to get security clearance (all you need is internet access and a GitHub account)
• Multiple mitigations: for every vulnerability covered, you’ll explore 3 to 4 remediations, helping you develop a versatile approach.
• Technology focus: almost two full days spent testing the industry’s preferred DevSecOps tools, for free.
• Real-world learning: in an industry where most of the leading cybersecurity training courses are based on theory, our scenario-led, research-based approach ensures you learn how real threat actors think and act.

Outcomes for budget holders

This course is designed to equip all the relevant stakeholders for the shift from DevOps to DevSecOps without losing speed or efficiency, helping to:

• Increase the frequency and consistency of secure (vulnerability-free) software releases
• Lower the cost of remediation by identifying vulnerabilities before software is deployed
• Manage the likelihood and impact of security incidents originating from insecure code and development practices
• Identify security issues that need dedicated, in-depth security testing (e.g., business logic issues) to validate the risk they pose and recommend remediation measures
• Develop the organization’s competitive advantage for security-conscious customers
• Test the effectiveness of tools before committing to investment
• Nurture and retain passionate, highly skilled, and security conscious employees
• Demonstrate commitment to security through training and change management