AppSecOps Eğitimi

Any person who wishes to learn about application security vulnerabilities and understand more about their impact;

• Developers who create web applications in any language can attend
• Any technical person having a basic knowledge of how web applications work or is responsible for Implementing, managing or protecting web applications
• Any DevOps engineer looking to automate security

Obtain a hands-on introduction to application security vulnerabilities like Cross-Site Scripting, SQL Injection, XXE, Authentication & authorization flaws on our purposely built vulnerable web applications to help you understand the vulnerabilities better. Thereby enabling you to defend your organization’s website or assets.

• Identify application security bugs in code and fix them before deploying it into production
• Identify vulnerable libraries and avoid their usage
• Develop secure web applications so that you don’t waste your time later in fixing security issues
• Understand the methodology that can be used to automate and integrate security
• Understand what application security vulnerabilities are their trends
• Gain an insight into their impact through practical demonstrations
• Learn how to fix/avoid them by discussing various strategies, best practices, code snippets and tools
• Learn how to inject Security into your DevOps pipeline to automate security and develop a DevSecOps pipeline

DAY 1

• Application Security Basics
• Understanding HTTP protocol
• Security Misconfigurations
• Insufficient Logging and Monitoring
• Authentication Flaws
• Authorization Bypass
• Cross Site Scripting (XSS)

DAY 2

• Cross Site Request Forgery (CSRF)
• Server-Side Request Forgery
• SQL Injection
• XML External Entity (XXE) Attacks
• Insecure File Uploads
• Deserialization Vulnerabilities
• Client-Side Security
• Source Code Review

DAY 3

• Introduction and overview of DevOps
• What and Why of DevSecOps?
• Integrating Security in CI/CD
• Vulnerability Management using Archerysec
• Secret Management using Vault, Jenkins and Docker Secrets
• Security in Developer Workstations: Pre-Commit Hooks using Talisman
• Software Composition Analysis using Dependency-Checker
• SAST – Static Application Security Testing using FindSecBugs
• DAST – Dynamic Application Security Testing using ZAP
• Security in Infrastructure as a Code using Clair
• Automated Vulnerability Assessment using OpenVAS
• Compliance as Code using Inspec
• Monitoring and Feedback using Modsecurity WAF
• DevSecOps in AWS
• Challenges in DevSecOps
• DevSecOps Enablers