PRICE: € 1.875 p.p. (excl. VAT)
This course is not about writing secure code; it is about how developers, and others involved in the development process, can help create more secure applications by utilising numerous tools and standards. The aim of the course is to enable those involved in an agile-like development process to add security testing into an already pressured short iteration cycle. It also aims to address the lack of information security knowledge and awareness of how modern applications are targeted, attacked and breached.
Introduction to SecDevOps
• Secure SDLC and AppSec Management
• OWASP Top 10 and OWASP ASVS
• SQL and other Injection attacks
• Cross-Site Scripting (XSS)
• Integrating security into DevOps teams
• Risk Workflows
• Rugged Software
• Using Artificial Intelligence for proactive defense
• Enumerating & Exploiting Vulnerabilities
• Threat Modelling
• Abusing Risk
• Accepting Risk
• Test Cases: why should you care?
• Understand how Docker works and how security can be applied
• Understand Docker daemon protections
• Understand Docker image/container protections
• Running security scanners on images.
WHAT STUDENTS WILL BE PROVIDED WITH
• A training portal will be made available to all students before they attend the training
• Via the training portal you gain access to the slides used and any prerequisite information
• All content for the course, including tools required and instructions to configure your environment, will be made available via the training portal
WHO SHOULD TAKE THIS COURSE
• Those responsible for slinging code
• DevOps lovers
• Those involved in Agile dev
• Those mildly curious about whether it's possible to produce secure apps
INSTRUCTOR: CHRIS LE ROY
Chris Le Roy is a Senior Security Analyst and Team Leader at SensePost, based out of London. His life can be divided into two phases, before and after the beard. Before the beard, Chris completed an Honors degree in Computer Science at the University of Pretoria. After the beard, Chris joined SensePost where he developed an interest in mobile and application security.
Now he is a regular Black Hat trainer who has gone from building to tearing apart all manner of things as he transitioned from software engineer to hacker. Notably, his tool for developing clickjacking test cases against web applications was presented at Black Hat EU's Arsenal session in 2015 in Las Vegas and BSides in Cape Town. He was also responsible for the development and presentation of one of the first SecDevOps courses at Black Hat USA.