Course Outline

1. DevSecOps Foundations: Security by Design

🔍 Learn: Core DevSecOps principles & secure SDLC

🛠️ Demo: Side-by-side comparison of legacy vs modern secure pipelines

🔧 Lab: Build your first DevSecOps-enabled pipeline template

2. OWASP ZAP Security Testing Bootcamp

💣 Breach Simulation:

  • Deploy a vulnerable app with SQLi & XSS
  • Use OWASP ZAP to detect and mitigate threats

⚙️ Defense Tactics:

  • Automated scanning with ZAP
  • CI/CD integration via ZAP API

🧪 Lab: Customize ZAP baseline scans + attack rules

🎯 Challenge: “Find the hidden admin panel in 10 minutes”

3. Dependency Hell: Supply Chain Defense

💣 Breach Simulation:

  • Inject malicious npm package with CVEs

🛡️ Defense Tactics:

  • Monitor vulnerabilities with OWASP Dependency-Track
  • Enforce policy gates that fail builds on critical CVEs

🧪 Lab: Create vulnerability policies & alert workflows

⚠️ Shocking Demo: “How one bad dependency can own your infrastructure”

4. Vulnerability Management War Room

💣 Breach Simulation:

  • Exploit unpatched container vulnerabilities

🛡️ Defense Tactics:

  • Centralize reporting with OWASP DefectDojo
  • Scan containers with Trivy

🧪 Lab: Build real dashboards for CISO/executive reporting

🏁 Competition: “Triage 50 findings faster than your rivals”

5. Secrets & Configuration Fire Drill

💣 Breach Simulation:

  • Exfiltrate secrets from Git history using truffleHog

🛡️ Defense Tactics:

  • Pre-commit hooks to block patterns like password=.*
  • Use ZAP’s config spider to surface dangerous settings

🧪 Lab: Implement GitHub Actions secrets scanning

🚨 Reality Check: “Your database password is in Slack right now”

6. Wrap-Up: DevSecOps Battle Plan

🧭 OWASP Integration Roadmap:

  • Plan your DefectDojo, Dependency-Track, and ZAP adoption

📋 Personal Action Plan:

  • Draft your 30-day security checklist
  • Define your DevSecOps KPIs & reporting dashboards

Requirements

Foundational software and SDLC experience

Audience

DevOps, Security & Cloud Engineers who hate theoretical security talks

7 Hours

Delivery Options

Private Group Training

Our identity is rooted in delivering exactly what our clients need.

  • Pre-course call with your trainer
  • Customisation of the learning experience to achieve your goals:
    • Bespoke outlines
    • Practical hands-on exercises containing data / scenarios recognisable to the learners
  • Training scheduled on a date of your choice
  • Delivered online, onsite/classroom or hybrid by experts sharing real world experience

Private Group Prices RRP from €2280 online delivery, based on a group of 2 delegates, €720 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.

Contact us for an exact quote and to hear our latest promotions


Public Training

Please see our public courses
