Duration:
2 days
Next Date:
Contact us
Location:
Online
Description
Keep up with DevOps modernization and widen your career prospects. This practical 2-day course will help you build your own DevSecOps pipeline so you can make products secure by design. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. Learn how to use and automate the most popular and effective security tools and practices, overcome common DevSecOps challenges, instil security culture within your team, and more...
This course uses a Defense by Offence methodology based on real-world offensive research (not theory). That means everything we teach has been tried and tested, either on a live environment or in our labs, and can be applied (by you) once the course is over.
*Retail price per participant. Running the course on the dates shown is subject to a minimum number of enrolments.
Target audience
- Developers
- DevOps/DevSecOps engineers
- Application security engineers
- Ops teams
- CISOs
Area: Cybersecurity
Associated Certification: N/A
Programme:
Lab Setup
- Online Lab Setup
- Offline Lab Instructions
Introduction to DevOps
- What is DevOps?
- Lab: creating a DevOps pipeline
Introduction to DevSecOps
- Challenges for Security in DevOps
- DevOps Threat Model
- DevSecOps – Why, What and How?
- Vulnerability Management
Continuous Integration
- Pre-Commit Hooks
- Introduction to Talisman
- Lab: Running Talisman
- Lab: Create your own regexes for Talisman
- Secrets Management
- Introduction to HashiCorp Vault
- Demo: Vault Commands
Continuous Delivery
- Software Composition Analysis (SCA)
- Introduction to OWASP Dependency-Check
- Lab: Run OWASP Dependency-Check pipeline
- Lab: Fix issues reported by Dependency-Check
- Static Analysis Security Testing (SAST)
- Introduction to Semgrep
- Lab: Run Semgrep pipeline
- Lab: Create your own Semgrep rules
- Lab: Fix issues reported by Semgrep
- Dynamic Analysis Security Testing (DAST)
- Introduction to OWASP ZAP
- Demo: Creating OWASP ZAP Context File
- Lab: Run OWASP ZAP in pipeline
Infrastructure As Code
- Vulnerability Assessment (VA)
- Introduction to OpenVAS
- Lab: Run OpenVAS pipeline
- Container Security (CS)
- Introduction to Trivy
- Lab: Run Trivy in Pipeline
- Lab: Improvise Docker base image
- Compliance as Code (CaC)
- Introduction to Chef Inspec
- Lab: Run Chef Inspec in pipeline
- Lab: Improvise with Docker compliancy controls
Continuous Monitoring
- Logging – why to do it, how, and what logs to collect.
- Introduction to the ELK Stack
- Lab: View Logs in Kibana
- Alerting – how to create alerts that help you prioritize
- Introduction to ElastAlert and ModSecurity
- Lab: View alerts in Kibana
- Monitoring – how to track and learn from malicious activity
- Lab: Create Attack Dashboards in Kibana
DevSecOps in AWS
- What does DevOps on Cloud Native AWS look like?
- AWS Threat Landscape
- Shifting to DevSecOps in Cloud Native AWS
DevSecOps Challenges and Enablers
- Challenges with DevSecOps
- How to build a DevSecOps culture
- Security champions – how to create DevSecOps advocates across your team
- Case study: how organizations use automation to implement development security best practice
- Where to begin
- DevSecOps maturity model
Prerequisites:
You should bring a laptop with a minimum of 12 GB RAM and 40 GB of extra space, and you should have administrator privileges on it. To access our labs you'll need an unfiltered, direct connection to the internet. Our labs will not be accessible from behind a proxy or a firewalled internet connection.