Hands-On DevSecOps

Course Details

Training Level: Basic; Intermediate

Price

Early Bird: USD2,899.00 (Use Code: SS2023TEB. Ends 30th June, 2359H)
Normal: USD3,330.00

Course Abstract

What is DevSecOps?

DevSecOps is a software development methodology that integrates security into every phase of the SDLC. By adopting DevSecOps, organizations can build more secure applications and reduce the risk of data breaches and other cyber attacks.

Benefits of DevSecOps: 

● Improve security: By integrating security into the SDLC, organizations can identify and remediate security issues earlier in the development process. 

● Reduce risk: DevSecOps helps organizations reduce the risk of data breaches and other cyber attacks by building more secure applications. 

● Increase speed: By automating security testing, DevSecOps enables organizations to release software faster without sacrificing security. 

● Enhance collaboration: DevSecOps encourages collaboration between development, security, and operations teams, leading to better communication and more effective security practices.

In Hands-On DevSecOps training, you will learn how to handle security at scale using DevSecOps practices. We will start with the basics of DevOps and DevSecOps principles and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration Management as Code, and Infrastructure as Code.

The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learned as part of the course. 

We will also cover how to use Static Analysis (SAST), Dynamic Analysis (DAST), OS hardening, and Security Monitoring as part of the Secure SDLC, and how to select tools that fit your organization’s needs and culture. 

After the training, the students will be able to successfully hack and secure applications before hackers do. The training will also include a challenge at the end as part of the assessment, where the students will use skills learned in the training to solve the challenges. The students will be provided with tools, lab material, and virtual machines used during the course.

Course Outline

This course will cover the following DevSecOps topics and techniques: 

  • Introduction to DevOps and DevSecOps 
  • DevSecOps Tools of the trade including DevSecOps Studio 
  • Secure SDLC and CI/CD pipeline 
  • SCA (Software Component Analysis) in CI/CD pipeline 
  • SAST (Static Analysis) in CI/CD pipeline 
  • DAST (Dynamic Analysis) in CI/CD pipeline
  • Threat Modeling as Code in CI 
  • Infrastructure as Code and Its Security 
  • Container Security 
  • Vulnerability Management with custom tools 
  • Compliance as Code as part of CI

Who should attend?

This course is aimed at anyone who is looking to embed security as part of agile/cloud/DevOps environments.

  • Security Professionals 
  • Penetration Testers 
  • Red Teamers 
  • IT managers 
  • Developers and DevOps Engineers.

Prerequisites

  • Familiarity with GNU/Linux commands like ls, mkdir, etc. 
  • Basic knowledge of security concepts like OWASP Top 10, and basic networking

What to bring?

Hardware & Software Requirements: (VM Based) 

  • Laptop with minimum 16GB of RAM, 80GB free hard disk space, and should be able to run 3 virtual machines simultaneously. 
  • Administrator access to install software like VirtualBox, Python, etc. 
  • Trainer will provide all needed software and utilities during the first day of the course 

Hardware & Software Requirements: (AWS Cloud Based)

  • Laptop with minimum 4GB of RAM, 60GB free hard disk space, and a working AWS Account with Administrator access. 
  • Administrator access to install software like GitLab/Jenkins, Production Instance, etc. 
  • Trainer will provide all needed software and utilities during the first day of the course.

What participants will get

  • Hands-on lab exercises 
  • Code and scripts used. 
  • Reading materials and resources 
  • DevSecOps Studio VM

Trainer Profile

Raghunath Gopinath

Raghunath is an information security enthusiast primarily focused on the application security stack. He has 12+ years of overall experience and has helped clients improve their security posture and set up security practices across industries such as Transport, Finance, Design Platforms, and E-Commerce applications.

He currently runs his own Application Security Consulting Services and Training as part of Eracorp Technologies, based out of India, offering expertise in Web, Cloud Security & DevSecOps services. He is also a core member of the null Hyderabad chapter, an open information security community.

Raghu even has a history of training students on performing penetration testing, Application security assessments, cloud security and DevSecOps practices in local communities and at various international security conferences like Blackhat, OWASP Appsec, nullcon etc. Lastly, he is an OSCP and CEH certified professional.

Hari Valugonda

Hari Valugonda is an information security enthusiast with over a decade of information security experience. His areas of interest include penetration testing, securing Web Applications, and DevSecOps. He has implemented DevSecOps pipelines for clients from scratch and optimized existing pipelines. He is the Null Hyderabad chapter leader and also the winner of the Global Cyberlympics hacking competition. He is usually seen speaking at conferences like Brucon, Nullcon, OWASP and null chapters.