Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
課程簡介
1. DevSecOps Foundations: Security by Design
🔍 Learn: Core DevSecOps principles & secure SDLC
🛠️ Demo: Side-by-side comparison of legacy vs modern secure pipelines
🔧 Lab: Build your first DevSecOps-enabled pipeline template
2. OWASP ZAP Security Testing Bootcamp
💣 Breach Simulation:
- Deploy a vulnerable app with SQLi & XSS
- Use OWASP ZAP to detect and mitigate threats
⚙️ Defense Tactics:
- Automated scanning with ZAP
- CI/CD integration via ZAP API
🧪 Lab: Customize ZAP baseline scans + attack rules
🎯 Challenge: “Find the hidden admin panel in 10 minutes”
3. Dependency Hell: Supply Chain Defense
💣 Breach Simulation:
- Inject malicious npm package with CVEs
🛡️ Defense Tactics:
- Monitor vulnerabilities with OWASP Dependency-Track
- Enforce policy gates that fail builds on critical CVEs
🧪 Lab: Create vulnerability policies & alert workflows
⚠️ Shocking Demo: “How one bad dependency can own your infrastructure”
4. Vulnerability Management War Room
💣 Breach Simulation:
- Exploit unpatched container vulnerabilities
🛡️ Defense Tactics:
- Centralize reporting with OWASP DefectDojo
- Scan containers with Trivy
🧪 Lab: Build real dashboards for CISO/executive reporting
🏁 Competition: “Triage 50 findings faster than your rivals”
5. Secrets & Configuration Fire Drill
💣 Breach Simulation:
- Exfiltrate secrets from Git history using truffleHog
🛡️ Defense Tactics:
- Pre-commit hooks to block patterns like
password=.* - Use ZAP’s config spider to surface dangerous settings
🧪 Lab: Implement GitHub Actions secrets scannin
🚨 Reality Check: “Your database password is in Slack right now”
6. Wrap-Up: DevSecOps Battle Plan
🧭 OWASP Integration Roadmap:
- Plan your DefectDojo, Dependency-Track, and ZAP adoption
📋 Personal Action Plan:
- Draft your 30-day security checklist
- Define your DevSecOps KPIs & reporting dashboards
最低要求
Foundational software and SDLC experience
Audience
DevOps, Security & Cloud Engineers who hate theoretical security talks
7 時間:
客戶評論 (5)
每個模組都有多個示例,並且對培訓師有深入的瞭解。
Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)
機器翻譯
Module3 Applications Attacks and Exploits, XSS, SQL 注入 Module4 伺服器攻擊和漏洞利用、DOS、BOF
Tshifhiwa - Vodacom
Course - How to Write Secure Code
機器翻譯
Real-life examples.
Kristoffer Opdahl - Buypass AS
Course - Web Security with the OWASP Testing Framework
The trainer's subject knowledge was excellent, and the way the sessions were set out so that the audience could follow along with the demonstrations really helped to cement that knowledge, compared to just sitting and listening.
Jack Allan - RSM UK Management Ltd.
Course - Secure Developer .NET (Inc OWASP)
Piotr was very knowledgeable and related security issues to real world examples very well. His preparation was brilliant.
