Hands-on AppSec-Pipeline
Prior to conducting the training with your team, we’ll have an initial scoping meeting. This session is designed to customize the workshop to your specific requirements, helping us decide on the most suitable approach and focus areas to address your needs effectively.
This fully packed hands-on coaching workshop gives insight into the automation capabilities of security scans, which perfectly fit into many build pipelines. Taking into account frontends (Web) as well as backends (APIs), you will learn how steps of a security analysis can be automated.
By focusing on open-source solutions, you will get a tool arsenal with different automation options ready to test your application’s security on every build. During this workshop we will enhance a typical CI/CD pipeline (every attendee will have an individual server in the cloud ready to use with multiple levels of tool integrations) step by step into a full-fledged awesome DevSecOps AppSecPipeline!
All exercises are executed against an attendee-individual training environment, which I prepare and individually spawn for each attendee in my cloud.
Individual Coaching vs. Workshop
I started conducting this training as a workshop, which used my individually prepared training application as a test candidate, applying SAST and DAST scans (along with false-positive handling), as part of a Jenkins or GitHub Actions based CI/CD build-pipeline. That way I was able to create a blueprint AppSec-Pipeline architecture as part of a great hands-on training.
But sometimes customers have other kinds of CI/CD setups or want the whole concept directly applied to their individual real applications. Therefore, I’ve shifted this workshop’s content a bit, so that it either still uses my blueprint setup with my training application, or (for the more individual customers) it takes your CI/CD infrastructure and your existing applications into account. With this kind of customization, your attending team not only learns the generic concepts of a working DevSecOps solution, but also has this setup built up and running with your individual CI/CD piepline and applications.
Questions about this individual DevSecOps coaching? Let’s talk