Course Outline

1. DevSecOps Foundations: Security by Design

🔍 Learn: Core DevSecOps principles and secure SDLC practices

🛠️ Demo: Side-by-side comparison of legacy versus modern secure pipelines

🔧 Lab: Construct your first DevSecOps-enabled pipeline template

2. OWASP ZAP Security Testing Bootcamp

💣 Breach Simulation:

  • Deploy a vulnerable application featuring SQLi and XSS
  • Utilise OWASP ZAP to detect and mitigate threats

⚙️ Defense Tactics:

  • Automated scanning using ZAP
  • CI/CD integration via the ZAP API

🧪 Lab: Customise ZAP baseline scans and attack rules

🎯 Challenge: 'Locate the hidden admin panel within 10 minutes'

3. Dependency Hell: Supply Chain Defense

💣 Breach Simulation:

  • Inject a malicious npm package containing CVEs

🛡️ Defense Tactics:

  • Monitor vulnerabilities using OWASP Dependency-Track
  • Enforce policy gates that fail builds upon detecting critical CVEs

🧪 Lab: Create vulnerability policies and alert workflows

⚠️ Shocking Demo: 'How one bad dependency can own your infrastructure'

4. Vulnerability Management War Room

💣 Breach Simulation:

  • Exploit unpatched container vulnerabilities

🛡️ Defense Tactics:

  • Centralise reporting with OWASP DefectDojo
  • Scan containers using Trivy

🧪 Lab: Build real-time dashboards for CISO and executive reporting

🏁 Competition: 'Triage 50 findings faster than your rivals'

5. Secrets and Configuration Fire Drill

💣 Breach Simulation:

  • Exfiltrate secrets from Git history using truffleHog

🛡️ Defense Tactics:

  • Implement pre-commit hooks to block patterns like password=.*
  • Utilise ZAP’s config spider to surface dangerous settings

🧪 Lab: Implement GitHub Actions secrets scanning

🚨 Reality Check: 'Your database password is in Slack right now'

6. Wrap-Up: DevSecOps Battle Plan

🧭 OWASP Integration Roadmap:

  • Plan your adoption of DefectDojo, Dependency-Track, and ZAP

📋 Personal Action Plan:

  • Draft your 30-day security checklist
  • Define your DevSecOps KPIs and reporting dashboards

Requirements

Foundational software development and SDLC experience

Audience

DevOps, Security, and Cloud Engineers who disdain theoretical security lectures

Duration: 7 Hours
