DevSecOps

Virtual Learning: 2,050€ + VAT

REF: NSSDEVSEC Catalogue: Cybersecurity Area: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duration:

2 days

Next date:

Contact us

Location:

Online

Description

Keep up with DevOps modernization and widen your career prospects. This practical 2-day course will help you build your own DevSecOps pipeline so you can make products secure by design. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. Learn how to use and automate the most popular and effective security tools and practices, overcome common DevSecOps challenges, instil security culture within your team, and more...

This course uses a Defense by Offence methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested, either on a live environment or in our labs, and can be applied (by you) once the course is over.

*Retail price (PVP) per participant. Running the course on the dates shown is subject to a minimum number of enrolments.

Target audience

  • Developers
  • DevOps/DevSecOps engineers
  • Application security engineers
  • Ops teams
  • CISOs
  • Area: Cybersecurity

  • Associated certification: N/A

Programme:

Lab Setup

  • Online Lab Setup
  • Offline Lab Instructions

Introduction to DevOps

  • What is DevOps?
  • Lab: creating a DevOps pipeline

Introduction to DevSecOps

  • Challenges for Security in DevOps
  • DevOps Threat Model
  • DevSecOps – Why, What and How?
  • Vulnerability Management

Continuous Integration

  • Pre-Commit Hooks
  • Introduction to Talisman
  • Lab: Running Talisman
  • Lab: Create your own regexes for Talisman
  • Secrets Management
  • Introduction to HashiCorp Vault
  • Demo: Vault Commands

Continuous Delivery

  • Software Composition Analysis (SCA)
  • Introduction to OWASP Dependency-Check
  • Lab: Run OWASP Dependency-Check pipeline
  • Lab: Fix issues reported by Dependency-Check
  • Static Analysis Security Testing (SAST)
  • Introduction to Semgrep
  • Lab: Run Semgrep pipeline
  • Lab: Create your own Semgrep rules
  • Lab: Fix issues reported by Semgrep
  • Dynamic Analysis Security Testing (DAST)
  • Introduction to OWASP ZAP
  • Demo: Creating OWASP ZAP Context File
  • Lab: Run OWASP ZAP in pipeline

Infrastructure As Code

  • Vulnerability Assessment (VA)
  • Introduction to OpenVAS
  • Lab: Run OpenVAS pipeline
  • Container Security (CS)
  • Introduction to Trivy
  • Lab: Run Trivy in Pipeline
  • Lab: Improvise Docker base image
  • Compliance as Code (CaC)
  • Introduction to Chef Inspec
  • Lab: Run Chef Inspec in pipeline
  • Lab: Improvise with Docker compliancy controls

Continuous Monitoring

  • Logging – why to do it, how, and what logs to collect.
  • Introduction to the ELK Stack
  • Lab: View Logs in Kibana
  • Alerting – how to create alerts that help you prioritize
  • Introduction to ElastAlert and ModSecurity
  • Lab: View alerts in Kibana
  • Monitoring – how to track and learn from malicious activity
  • Lab: Create Attack Dashboards in Kibana

DevSecOps in AWS

  • What does DevOps on Cloud Native AWS look like?
  • AWS Threat Landscape
  • Shifting to DevSecOps in Cloud Native AWS

DevSecOps Challenges and Enablers

  • Challenges with DevSecOps
  • How to build a DevSecOps culture
  • Security champions – how to create DevSecOps advocates across your team
  • Case study: how organizations use automation to implement development security best practice
  • Where to begin
  • DevSecOps maturity model

Prerequisites:

You should bring a laptop with a minimum of 12 GB RAM and 40 GB of extra space, and you should have administrator privileges on it. To access our labs you'll need an unfiltered, direct connection to the internet. Our labs will not be accessible from behind a proxy or a firewalled internet connection.
