This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.
The training begins with a detailed view of Continuous Application Security, through Application Security Automation with SAST, DAST, SCA, IAST and RASP. We will focus on real-world tools and techniques to automate application security tooling in CI/CD pipelines. Including a deep-dive of several popular Test Automation Frameworks like Tavern, Robot Framework and Selenium that can be leveraged extensively to parameterize application security tests with test automation scripts.
Subsequently, the training focuses on Cloud Security with a focus on Amazon Web Services (AWS), where we will use Terraform, AWS-CDK and Boto3 among other tools to deploy and configure security parameters and features for various Cloud services.
At the end of the training, participants will have immediate takeaways and practical techniques that they can use for their own implementations of DevSecOps, within their organization. The tools and frameworks detailed in the program are largely open-source or freely available, thereby ensuring that participants can actually implement these scalable DevSecOps programs without having to additionally invest in tooling.
- Application Security Engineers
- DevOps Professionals
- Security Engineers
- Security Managers who are trying to understand how they should implement Security for DevOps
- Security Architects
- Working knowledge of Application Security concepts and vulnerabilities (OWASP Top 10, Application Security concepts)
- Basic knowledge of Linux command line
- Basic knowledge of some (any) programming language
- Basic/Rudimentary understanding of Cloud concepts and services
- A laptop or a tablet(with keyboard) with a browser installed
- AWS account with root/admin privileges - Free tier works
- Instructions for the Labs
- Slides for the entire session + Speaker notes
- Access to we45 cloud labs
- Code snippets used and the setup files to configure lab environment post-training
Subject matter experts from we45