Training-Main-Image1

The AppSec Engineer

we45's world renowned and hands-on training programs. Curated to equip product engineering teams with a "purple-team" view of application security

Application Security Essentials Training we45

Application Security Essentials

A security perspective for product development and DevOps teams to help them build applications that are secure by design.

  • Core AppSec Principles

    Learn best practices in security through detailed understanding of flaws.

  • Attacker's Perspective

    Gain a thorough understanding of how exploitation of vulnerabilities happen in the wild.

  • Remediation Help

    Learn platform and technology agnostic remediation strategies against common AppSec vulnerabilities.

Threat Modeling in Agile we45

Threat Modeling In Agile

Learn how to capture threat models in an actionable way, linking it to security test cases to ensure comprehensive risk coverage.

  • Tailor Make Test Cases

    Derive test cases tailor made for your application to get the best out of your application security testing.

  • Capture Abuser Stories

    Learn how to use user and abuser stories to create threat models with comprehensive threat coverage.

  • Threat Playbook

    Learn how to perform Threat Modeling for iterative product releases using Threat Playbook.

Attacking and Defending Containers, Kubernetes and Serverless

Attacking and Defending Containers, Kubernetes and Serverless

Get a practical approach with both Offensive and Defensive flavours designed from real-world attacks that will help implement security in a scalable manner

  • Underlying Architecture

    Attacking applications leveraging containers, kubernetes and serverless technology requires specific skill set and a deep understanding of the fundamentals

  • Purple Team Approach

    Offensive and Defensive view of containers, kubernetes and serverless making it ideal for security engineers, red-teammers, devops engineers and developers!

  • Automated Security Pipelines

    Security specific CI/CD pipelines that helps scale security with your services

Amazon Web Services Security Training we45

AWS Security Training

Discover manual and automated approaches to deploying and provisioning resources on Amazon Web Services in a secure manner.

  • Tools of the trade

    Identify vulnerabilities in AWS environments using powerful tools like CS-Suite, prowler and lynis.

  • Practical Application

    Build a secure AWS deployment as a practical exercise to help internalize theoretical concepts.

  • Securing Assets

    Use KMS encryption to secure secrets and other sensitive information across AWS.

DevSecOps Training we45

DevSecOps & AppSec Automation

Learn how to use automation to integrate security with the application development process in a DevOps environment.

  • Shift Security Left

    Learn how to incorporate application security within your continuous delivery pipeline.

  • Security Regression

    Leverage functional automation scripts to reduce security testing time for iterative product releases.

  • Tool chain setup

    Optimally configure DAST/SAST tools to ensure minimal disruption of development workflow.

Security Training for Docker and Kubernetes deployments

Container & Kubernetes Security

Learn how to secure applications built using container tech like Docker and orchestration platforms like Kubernetes

  • In-Depth Understanding

    Develop a comprehensive understanding of underlying container architecture.

  • Comprehensive Threat Coverage

    Learn about security threats that are specific to containerized deployments.

  • Hands-On Exercises

    Our training is replete with practical exercises that simulate real world threat scenarios.

Serverless security training we45

Serverless Security

Learn how to secure applications that are built using Serverless technology which is undoubtedly the next "big thing" in the world of distributed applications.

  • Understanding The Threat Landscape

    This training will help attendees identify the much larger attack surface with hands-on exercises.

  • Security Responsibility Model

    Understand the security responsibility model involving most Serverless frameworks.

  • Capture The Flag

    Put theoretical learning to practice through our challenging CTF session

Secrets-of-Secrets-Training-we45

Secrets Management

Learn how to manage secrets and sensitive information secure in cloud native environments

  • Common Secrets Management Anti-patterns

    Hands-on view of vulnerable secrets implementations from the real world

  • Good Secrets Management

    Learn overarching principles of good secrets management.

  • Emphasis on Major Service Providers

    Focus on secret management with major cloud service providers like AWS, GCP & Azure