Course Outline
1. DevSecOps Foundations: Security by Design
🔍 Learn: Core DevSecOps principles & secure SDLC
🛠️ Demo: Side-by-side comparison of legacy vs modern secure pipelines
🔧 Lab: Build your first DevSecOps-enabled pipeline template
2. OWASP ZAP Security Testing Bootcamp
💣 Breach Simulation:
- Deploy a vulnerable app with SQLi & XSS
- Use OWASP ZAP to detect and mitigate threats
⚙️ Defense Tactics:
- Automated scanning with ZAP
- CI/CD integration via ZAP API
🧪 Lab: Customize ZAP baseline scans + attack rules
🎯 Challenge: “Find the hidden admin panel in 10 minutes”
3. Dependency Hell: Supply Chain Defense
💣 Breach Simulation:
- Inject malicious npm package with CVEs
🛡️ Defense Tactics:
- Monitor vulnerabilities with OWASP Dependency-Track
- Enforce policy gates that fail builds on critical CVEs
🧪 Lab: Create vulnerability policies & alert workflows
⚠️ Shocking Demo: “How one bad dependency can own your infrastructure”
4. Vulnerability Management War Room
💣 Breach Simulation:
- Exploit unpatched container vulnerabilities
🛡️ Defense Tactics:
- Centralize reporting with OWASP DefectDojo
- Scan containers with Trivy
🧪 Lab: Build real dashboards for CISO/executive reporting
🏁 Competition: “Triage 50 findings faster than your rivals”
5. Secrets & Configuration Fire Drill
💣 Breach Simulation:
- Exfiltrate secrets from Git history using truffleHog
🛡️ Defense Tactics:
- Pre-commit hooks to block patterns like password=.*
- Use ZAP’s config spider to surface dangerous settings
🧪 Lab: Implement GitHub Actions secrets scanning
🚨 Reality Check: “Your database password is in Slack right now”
6. Wrap-Up: DevSecOps Battle Plan
🧭 OWASP Integration Roadmap:
- Plan your DefectDojo, Dependency-Track, and ZAP adoption
📋 Personal Action Plan:
- Draft your 30-day security checklist
- Define your DevSecOps KPIs & reporting dashboards
Requirements
Foundational software and SDLC experience
Audience
DevOps, Security & Cloud Engineers who hate theoretical security talks
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €2280 online delivery, based on a group of 2 delegates, €720 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses
Testimonials (1)
There were many practical exercises supervised and assisted by the trainer