Agile and DevOps have revolutionized the way we deliver apps to customers. Software products today demand rapid everything: rapid code changes, rapid deployments and rapid delivery. In addition, you have embraced Agile development methodologies that stress iterative product development and flexibility in changing environments. There is one major problem in this entire chain, and that is Application Security.
While your product may be rapidly delivered to customers, Application security still remains a massive bottleneck in your continuous delivery pipeline. Application security is critical because companies lose billions of dollars due to vulnerabilities in their applications. Apart from typical vulnerabilities like SQL Injection and Cross Site Scripting, vulnerabilities in authentication, authorization, business logic and cryptographic implementations are more prevalent and can cause massive damage to a software product company.
This is why you need SecDevOps. You need a practical, repeatable and scalable way to deliver Application Security to your product across the Agile and DevOps lifecycle. In the we45 Certified SecDevOps Professional program you will receive powerful hands-on training on how you can implement scalable and effective security for rapid-release applications. The workshop will be a hardcore hands-on workshop covering the following, among other topics:
- Security Threat Modeling - Agile Methodology
- Static Application Security Testing - Integrated with Continuous Integration Services
- Customized Security Automation Scripting Framework with Continuous Integration
- Creating specialized Application Security Testing Scripts to be integrated with existing Test Suites
- Security in Configuration management and Continuous Deployment
- Creating Security Configuration Management “Infrastructure as Code” and Validation Scripts
- Application Security Monitoring in a DevOps World
Laptop Requirements for SecDevOps Workshop:
For Windows Laptop Users
• Intel i3 and above preferred, 64-bit Operating System (32-bit will NOT work), 8GB+ RAM preferred, with at least 50GB of free HDD space.
Netbooks will NOT work
• Working WiFi adapter with ability to connect to third party wireless networks
• User must be able to use the DVD Drive/USB port of the laptop to copy and install the Virtual Machine, which will be delivered in a DVD/USB Mass Storage Device (Flash Drive)
• Windows users - Please download and install the latest version of Oracle VM VirtualBox from http://www.virtualbox.org
• We have observed that Windows laptops often come with Virtualization options disabled in the BIOS. In such cases, the Virtual Machine and the workshop exercises won’t work. Please ensure that the following measures are taken to make your laptop available for Virtualization:
  o You must have access to your BIOS menu. This can be accessed by pressing F12 (not all laptops, some may have a different key to access the BIOS menu). In some cases, there may be a password to access the BIOS menu. Please ensure that you have a password (if required) to access the BIOS menu.
  o Please enable Virtualization in the BIOS options. Please refer to screenshots below (please note that different laptops may have these options located in different menu screens).
[Screenshot: HP – BIOS Virtualization Screen]
[Screenshot: Dell Laptop BIOS Virtualization Option]
For Linux/Mac Users
• Intel i3 and above preferred, 64-bit Operating System (32-bit will NOT work), 8GB+ RAM preferred
• At least 50GB HDD space available
• Working WiFi adapter with ability to connect to third party wireless networks
• User must be able to use the DVD Drive/USB port of the laptop to copy and install the Virtual Machine, which will be delivered in a DVD/USB Mass Storage Device (Flash Drive)
• Install the latest version of Oracle VM VirtualBox
** We are using two VMs for hands-on labs for the participants. In this case both the VMs will exceed a size of 8 GB; therefore, we will be distributing them on USB drives for people to copy and use. The option of DVDs (which was an either/or for USB) from earlier will not be possible in this case.
** Also, the drives will be formatted with exFAT, so members of the audience with Linux computers might need to download exFAT libraries to get it to work. If this is a problem, then we need to go with a different file system.