Course Outline
1. DevSecOps Foundations: Security by Design
🔍 Learn: Core DevSecOps principles & secure SDLC
🛠️ Demo: Side-by-side comparison of legacy vs modern secure pipelines
🔧 Lab: Build your first DevSecOps-enabled pipeline template
2. OWASP ZAP Security Testing Bootcamp
💣 Breach Simulation:
- Deploy a vulnerable app with SQLi & XSS
- Use OWASP ZAP to detect and mitigate threats
⚙️ Defense Tactics:
- Automated scanning with ZAP
- CI/CD integration via ZAP API
🧪 Lab: Customize ZAP baseline scans + attack rules
🎯 Challenge: “Find the hidden admin panel in 10 minutes”
3. Dependency Hell: Supply Chain Defense
💣 Breach Simulation:
- Inject malicious npm package with CVEs
🛡️ Defense Tactics:
- Monitor vulnerabilities with OWASP Dependency-Track
- Enforce policy gates that fail builds on critical CVEs
🧪 Lab: Create vulnerability policies & alert workflows
⚠️ Shocking Demo: “How one bad dependency can own your infrastructure”
4. Vulnerability Management War Room
💣 Breach Simulation:
- Exploit unpatched container vulnerabilities
🛡️ Defense Tactics:
- Centralize reporting with OWASP DefectDojo
- Scan containers with Trivy
🧪 Lab: Build real dashboards for CISO/executive reporting
🏁 Competition: “Triage 50 findings faster than your rivals”
5. Secrets & Configuration Fire Drill
💣 Breach Simulation:
- Exfiltrate secrets from Git history using truffleHog
🛡️ Defense Tactics:
- Pre-commit hooks to block patterns like password=.*
- Use ZAP’s config spider to surface dangerous settings
🧪 Lab: Implement GitHub Actions secrets scanning
🚨 Reality Check: “Your database password is in Slack right now”
6. Wrap-Up: DevSecOps Battle Plan
🧭 OWASP Integration Roadmap:
- Plan your DefectDojo, Dependency-Track, and ZAP adoption
📋 Personal Action Plan:
- Draft your 30-day security checklist
- Define your DevSecOps KPIs & reporting dashboards
Requirements
Foundational software and SDLC experience
Audience
DevOps, Security & Cloud Engineers who hate theoretical security talks
Custom Corporate Training
Training solutions designed exclusively for businesses.
- Customized Content: We adapt the syllabus and practical exercises to the real goals and needs of your project.
- Flexible Schedule: Dates and times adapted to your team's agenda.
- Format: Online (live), In-company (at your offices), or Hybrid.
Price per private group, online live training, starting from 1600 € + VAT*
Contact us for an exact quote and to hear our latest promotions
Testimonials (2)
Craig was extremely involved in the training, always making sure we are paying attention, adapted the examples to our day-to-day activities and always provided an answer when asked, even if the information was not added in the presentation.
Ecaterina Ioana Nicoale - BOOKING HOLDINGS ROMANIA SRL
Course - DevOps Foundation®
real-life examples