Scalable and comprehensive application security is an essential requirement for any product, especially within mature software delivery environments utilising DevOps practices. However, incorporating robust and resilient application security practices within a continuous delivery pipeline can be challenging.
This training addresses these challenges and more, and is focused towards enabling and delivering application security at scale to organisations. This is a largely hands-on program, with a plethora of anecdotes, examples and real-world case studies. This gives the participants a comprehensive view of implementing practical DevSecOps and application security automation practices within their organisations. In fact, most of the participants have reported that they were able to use learnings from this training almost immediately.
- Neha Malick, ANZ
I found it really enjoyable because there was a lot of new information that we probably wouldn’t have come across in our organisations. It will be to very useful to see how we can implement all the information Abhay has given us to improve our processes and DevSecOps pipeline. And it was really good to see it done in a light-weight and fast manner to keep up with the demands of the agile development. Abhay was really patient with all our questions. I learnt a lot.
- Peter van Oosterom, Zimbani Pty Ltd
It was a really good show. Very comprehensive covering everything from automation build pipeline to how to do threat modelling in a different way, which has actually resonated well with a lot of the work I do with dev teams today.
- Liou Liu, MLC Life Insurance
This training showed me the different ways in which different elements like threat modelling and automation testing go together. The class opened my eyes in terms of what is coming to security automation in the next 2-3 years. I think application of automation is very important with everything moving so fast. I'm going to learn and implement what I learnt from this class.
Who is this training for?
This program is focused towards delivering application security at scale to organisations. It is therefore aimed at product teams who wish to automate their application security testing to keep pace with product releases in an agile environment.
Does this training program require prior or current usage of any specific tools or platforms?
No. But the course does introduce concepts of DAST, SAST, SCA and Correlation platforms in conjunction with standard engineering platforms such as Jenkins and JIRA which are easier to digest with prior exposure.
This blog outlines the steps involved in integrating one of the most prominent DAST tools Burp with Jenkins.
Understand our perspective on what it takes to successfully implement DevSecOps in an organisation.
Here is our compilation of common misconceptions aimed at anyone either currently involved in or in the process of adopting DevSecOps in the near future.