Claranet Cyber Security Services - Hacking Training

AppSecOps (4 Days): A Holistic Approach to Application Security

AppSecOps is a 4-Day practical hands-on training to understand application security vulnerabilities and how to automate the defenses for the same. It provides insights into the latest security vulnerabilities such as host header injection, XML external entity injection, attacks on JWT tokens, SSRF attacks, deserialization vulnerabilities etc. Attendees will learn how to defend themselves against such attacks and how to integrate the defenses by creating a DevSecOps environment. The DevSecOps environment will be shown implemented by injecting security into Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring (CM) and Infrastructure as Code (IaC). Every delegate will be provided a personalized cloud setup of our DevSecOps lab for hands-on implementation of various security tools in the CI/CD/CM pipeline.

A short preview of the DevSecOps portion of the course is available for viewing here: https://www.youtube.com/watch?v=_iGCZ4NPDqY

As part of the class, attendees will be provided access to an online lab for 7 days where they can practice their application security skills, and access to the cloud-based DevSecOps-Lab for 24 hours after the end of the training for further hands-on practice.

Course Takeaway

• Understand OWASP Top 10 with practical demonstrations and deeper insight.
• Understand the financial repercussions of different vulnerabilities.
• Get on the same page with the security team while discussing vulnerabilities.
• Understand how to tackle security issues in a fast-moving DevOps environment.
• In-depth understanding of various tools that can be used for security automation.
• Identify tools/solutions and develop processes to create a secure by default infrastructure.
• Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps pipeline.

Who Should Attend

This class is ideal for Web/API developers who work day-in-day out building full-stack web applications or web APIs. Anyone who is looking to develop a skillset in web application security and identify web application flaws can also benefit from this course. DevOps engineers, security and solutions architects, system administrators and anybody who is a fan of automation will also strongly benefit from this course, as it will give them a holistic approach towards application security.

Delegates Receive

Apart from the various tools and content around the training, students will be provided with 7 days of lab access where they can practice all the exercises/demos shown during the training, and access to the cloud DevSecOps-Lab for 24 hours after the end of the training for further hands-on practice. The attendees will receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline.

Delegates Should Bring

A laptop with a minimum of 4 GB RAM and 1 GB of extra space. Currently the tools provided by us support only Windows, MacOS and Debian operating systems. In order to access our labs you will need an unfiltered direct connection to the internet. Our labs will not be accessible from behind a proxy or a firewalled internet connection.

For more information: UK: +44 (0)1223 653 193 US: +1 (628)200-3053/3052 Email: [email protected] Visit: notsosecure.com


Course Outline

• Application Security Basics
• Understanding the HTTP Protocol
• Security Misconfigurations
• Insufficient Logging and Monitoring
• Flaws
• Bypass Techniques
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery
• Server-Side Request Forgery (SSRF)
• SQL Injection
• XML External Entity (XXE) Attacks
• Unrestricted File Uploads
• Deserialization Vulnerabilities
• Client-Side Security Concerns
• Source Code Review
• Introduction to DevOps
• Introduction to DevSecOps
• Continuous Integration
• Continuous Delivery
• Infrastructure As Code
• Continuous Monitoring
• DevSecOps in AWS
• DevSecOps Challenges and Enablers

Course Objectives

• Covers industry standards such as OWASP Top 10 with a practical demonstration of vulnerabilities, complemented with hands-on lab practice.
• Provides insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, known-plaintext attacks, deserialization vulnerabilities).
• Offers thorough guidance on best security practices (introduction to various security frameworks, tools and techniques for secure application development).
• Makes real-world analogies for each vulnerability explained (understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability).
• Provides online labs for hands-on practice during and after the course (7 days).
• Create a security culture/mindset amongst the already integrated "DevOps" team.
• Find and fix security bugs as early in the SDLC as possible, i.e. understand the "Shift Left" methodology.
• Build a secure by default infrastructure by automating security.
• The culture promotes the philosophy "Security is everyone's problem".
• Integrate all security centrally and utilize the results more effectively.
• Measure and shrink the attack surface.

Delegate Requirements

Anybody with a background in IT or software development, whether a developer or a manager, can attend this course to gain insight into Web Application Security vulnerabilities, DevOps and DevSecOps.
