Duration: 21 hours
Next Date: 20/01/2021 to 22/01/2021
Associated Certification: N/A
Location: Lisbon and Porto
Application security testing (also known as whitebox testing), as an activity, tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.
If you are a developer who requires mitigation strategies or fails to understand issues like Cross-Site Scripting, XML External Entity attacks, deserialization issues, Content Security Policy and many more application security vulnerabilities and their remediation, then this class is for you!
If you are a manager responsible for a development team and would like to give it a good dose of security knowledge so that you can avoid application security bugs in your code, then you are in the right place!
If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you how to metamorphose your DevOps into DevSecOps. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!
• Any person who wishes to learn about application security vulnerabilities and understand more about their impact
• Developers who create web applications in any language can attend
• Any technical person who has a basic knowledge of how web applications work or is responsible for implementing, managing or protecting web applications
• Any DevOps engineer looking to automate security
- Application Security Basics
- Understanding HTTP protocol
- Security Misconfigurations
- Insufficient Logging and Monitoring
- Authentication Flaws
- Authorization Bypass
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Server-Side Request Forgery
- SQL Injection
- XML External Entity (XXE) Attacks
- Insecure File Uploads
- Deserialization Vulnerabilities
- Client-Side Security
- Source Code Review
- Introduction and overview of DevOps
- What and Why of DevSecOps?
- Integrating Security in CI/CD
- Vulnerability Management using Archerysec
- Secret Management using Vault, Jenkins and Docker Secrets
- Security in Developer Workstations: Pre-Commit Hooks using Talisman
- Software Composition Analysis using Dependency-Checker
- SAST – Static Application Security Testing using FindSecBugs
- DAST – Dynamic Application Security Testing using ZAP
- Security in Infrastructure as Code using Clair
- Automated Vulnerability Assessment using OpenVAS
- Compliance as Code using InSpec
- Monitoring and Feedback using ModSecurity WAF
- DevSecOps in AWS
- Challenges in DevSecOps
- DevSecOps Enablers
The only requirement for this class is that you bring your own laptop with administrator rights and JDK 8.0 or later installed, and lots of caffeine!
08/03/2021 to 10/03/2021
24/05/2021 to 26/05/2021