AppSecOps Training

  • Training Type: Classroom / Virtual Classroom / Online
  • Duration: 3 Days
  • You can schedule this training at your own organization. Contact us!

Application security testing (also known as whitebox testing), as an activity, tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.

If you are a developer who requires mitigation strategies or fails to understand issues like Cross-Site Scripting, XML External Entity attacks, Deserialization issues, Content Security Policy and many more application security vulnerabilities and their remediation, then this class is for you!

If you are a manager responsible for a development team and would like to give it a good dose of security knowledge so that you can avoid application security bugs in your code, then you are in the right place!

If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you how to metamorphose your DevOps into DevSecOps. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!

Designed for Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, Security Auditors, security enthusiasts and anyone who wants to take their skills to the next level.

Any person who wishes to learn about application security vulnerabilities and understand more about their impact:

  • Developers who create web applications in any language can attend
  • Any technical person who has a basic knowledge of how web applications work or is responsible for implementing, managing or protecting web applications
  • Any DevOps engineer looking to automate security

Obtain a hands-on introduction to application security vulnerabilities like Cross-Site Scripting, SQL Injection, XXE, and authentication and authorization flaws on our purpose-built vulnerable web applications to help you understand the vulnerabilities better, thereby enabling you to defend your organization’s website or assets.

  • Identify application security bugs in code and fix them before deploying the code into production
  • Identify vulnerable libraries and avoid their usage
  • Develop secure web applications so that you don’t waste time later fixing security issues
  • Understand the methodology that can be used to automate and integrate security
  • Understand what application security vulnerabilities are and their trends
  • Gain an insight into their impact through practical demonstrations
  • Learn how to fix/avoid them by discussing various strategies, best practices, code snippets and tools
  • Learn how to inject security into your DevOps pipeline to automate security and develop a DevSecOps pipeline

DAY 1

  • Application Security Basics
  • Understanding HTTP protocol
  • Security Misconfigurations
  • Insufficient Logging and Monitoring
  • Authentication Flaws
  • Authorization Bypass
  • Cross Site Scripting (XSS)

DAY 2

  • Cross Site Request Forgery (CSRF)
  • Server-Side Request Forgery
  • SQL Injection
  • XML External Entity (XXE) Attacks
  • Insecure File Uploads
  • Deserialization Vulnerabilities
  • Client-Side Security
  • Source Code Review

DAY 3

  • Introduction and overview of DevOps
  • What and Why of DevSecOps?
  • Integrating Security in CI/CD
  • Vulnerability Management using ArcherySec
  • Secret Management using Vault, Jenkins and Docker Secrets
  • Security in Developer Workstations: Pre-Commit Hooks using Talisman
  • Software Composition Analysis using Dependency-Check
  • SAST – Static Application Security Testing using FindSecBugs
  • DAST – Dynamic Application Security Testing using ZAP
  • Security in Infrastructure as Code using Clair
  • Automated Vulnerability Assessment using OpenVAS
  • Compliance as Code using InSpec
  • Monitoring and Feedback using ModSecurity WAF
  • DevSecOps in AWS
  • Challenges in DevSecOps
  • DevSecOps Enablers

Contact us to register for the training, to schedule a training, and for all other matters!

Upcoming trainings

We hold our classroom trainings at our Istanbul, Ankara and London offices. Trainings tailored to your organization can be organized on the date and at the location of your choice.

07 December 2020

3 Days
Classroom / Virtual Classroom

Istanbul, Ankara, London


+90 212 282 7700
info@bilginc.com