DevSecOps Workshop
Duration: 1-3 days
Description:
Based on the DevSecOps Maturity Model (dsomm.timo-pagel.de), designed by the speaker, different dimensions of security in DevOps are explained.
The teaching of the content will be supported by HandsOn tasks, which will be done exclusively using OpenSource tools.
Content:
- Brush up on DevOps
- Threats in a build and deployment pipeline
- Measures to harden a build and deployment pipeline
- Docker security including patch management
- Automation of dynamic and static security tests
- Logging and monitoring in a DevOps world
- Optional: Continuous License Scanning
The OWASP DevSecOps Maturity Model serves as a guide
with the dimensions
Build and Deployment
Culture
Information Gathering
Infrastructure Hardening
Test and Verification
Target Audience:
Information and IT security managers and DevOps engineers.
Featured Tools:
- Docker
- Distroless
- OWASP ZAP
- OWASP Dependency Check
- Automation
- Jenkins
- Arachni
- nmap
- Distroless
