DevSecOps & AppSec
Replicate the success of your application security program, in scale.
Incorporating robust and resilient application security practices within a continuous delivery pipeline can be challenging. This is why scalable application security is an essential requirement for any product, especially within mature software delivery environments utilizing DevOps practices.
The DevSecOps Masterclass starts with Application Security Automation for SAST, DAST, SCA, IAST and RASP, apart from Vulnerability Management and Correlation. Finally, the training concludes with leveraging Security Automation in the Cloud with detailed perspectives of implementing scalable security for cloud-native deployments. By the end of this 2-day training, attendees will have enough ideas and hands-on experience in-order to successfully kickoff DevSecOps implementations.
The DevSecOps - DAST Automation Edition is a focused training in integrating and automating Dynamic Scanning tools like BurpSuite and OWASP ZAP. You will learn to leverage Test Automation Frameworks to perform fully authenticated and contextually aware scanning of your web applications and web services. In addition, you'll be building custom scripts for OWASP ZAP and BurpSuite to expand your scanning workflows
- Neha Malick, ANZ
I found it really enjoyable because there was a lot of new information that we probably wouldn’t have come across in our organisations. It will be to very useful to see how we can implement all the information Abhay has given us to improve our processes and DevSecOps pipeline. And it was really good to see it done in a light-weight and fast manner to keep up with the demands of the agile development. Abhay was really patient with all our questions. I learnt a lot.
- Peter van Oosterom, Zimbani Pty Ltd
It was a really good show. Very comprehensive covering everything from automation build pipeline to how to do threat modelling in a different way, which has actually resonated well with a lot of the work I do with dev teams today.
- Liou Liu, MLC Life Insurance
This training showed me the different ways in which different elements like threat modelling and automation testing go together. The class opened my eyes in terms of what is coming to security automation in the next 2-3 years. I think application of automation is very important with everything moving so fast. I'm going to learn and implement what I learnt from this class.
Our Application Security and Cloud Security programs is a regular feature at marquee application security conferences across the world.
Who is this training for?
This program is focused towards delivering application security at scale to organisations. It is therefore aimed at product teams who wish to automate their application security testing to keep pace with product releases in an agile environment.
Does this training program require prior or current usage of any specific tools or platforms?
No. But the course does introduce concepts of DAST, SAST, SCA and Correlation platforms in conjunction with standard engineering platforms such as Jenkins and JIRA which are easier to digest with prior exposure.
This blog outlines the steps involved in integrating one of the most prominent DAST tools Burp with Jenkins.
Understand our perspective on what it takes to successfully implement DevSecOps in an organization.
Here is our compilation of common misconceptions aimed at anyone either currently involved in or in the process of adopting DevSecOps in the near future.