Timo Pagel IT-Consulting https://pagel.pro/en/timo-pagel-it-consulting-new-landingpage/ Thu, 28 Dec 2023 17:34:10 +0000

Secure Modern Development https://pagel.pro/en/secure-modern-development-2/ Thu, 17 Nov 2022 10:38:55 +0000 Conducting a structured analysis to identify threats in IT systems.

The post Secure Modern Development first appeared on Timo Pagel IT-Consulting.

IT-Consulting

Timo Pagel | Web- and Cloud Security Training Expert

Secure Modern Development

Overview

Modern development is based on Cloud Native products to support the development process. Here is an unsorted list to support secure development.

Train efficiently

Examples

  • Rate Limiting (1h)
  • Resource Limiting (0.5h)
  • Workshop Dynamic Application Security Testing (2h)
  • Identity Providers, OAuth 2.0, OAuth 2.1, JWT, Storage of Tokens (2h)
  • Security of Client Side Storage (1h)
  • Workshop: Authorization with the Open Policy Agent (4h)
  • Container Security (1 day)
  • Introduction to Kubernetes Security (1h-2h)
  • Introduction to Vulnerability and Patch Management for Applications (1h)
  • Business Continuity Management for Developers (0.5h)
  • Headers and API Headers (0.5h)
  • Supply Chain and Mitigations (2h)
  • Workshop: Hack your own applications (2-3 days)
  • Abuse Tests for Developers (0.75h)
  • Workshop: Secrets Handling with OWASP Wrong Secrets (1.5h)
  • OWASP Top Ten (Injections, XSS, Sec. Misconfiguration, …)
  • Workshop Threat Modeling (1 day)
  • Distroless (0.5h)
  • OWASP DefectDojo Hands On Training (1h)
  • Malware Scanning for Developers (0.5h)
 
All topics include hands-on exercises!

Methods

Learning by doing is one of the most important paradigms. More about the training methodology here.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Security Awareness Training https://pagel.pro/en/security-awareness-training-en/ Tue, 16 Mar 2021 13:58:31 +0000

DevSecOps Workshop

Overview

Using the DevSecOps Maturity Model (dsomm.timo-pagel.de), designed by the speaker, different dimensions of security in DevOps are explained.

The content will be supported by hands-on tasks, which will be carried out exclusively using open-source tools.

Train efficiently

Content

  • DevOps refresher
  • Threats in a Build and Deployment Pipeline
  • Measures to harden a build and deployment pipeline
  • Docker security including patch management
  • Automation of dynamic and static security tests
  • Logging and monitoring in a DevOps world
  • Optional: Continuous License Scanning

The OWASP DevSecOps Maturity Model serves as orientation, with the following dimensions:

  • Build and Deployment
  • Culture
  • Information Gathering
  • Infrastructure Hardening
  • Test and Verification

Target group

Information and IT Security Managers and DevOps Engineers.

Tools:

  • Docker
  • Distroless
  • OWASP ZAP
  • OWASP Dependency Check
  • Automation
  • Jenkins
  • Arachni
  • nmap

Methodology

Learning by doing is one of the most important paradigms. More about the training methodology here.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

Open Policy Agent https://pagel.pro/en/open-policy-agent-en/ Tue, 16 Mar 2021 11:23:05 +0000

Open Policy Agent

Description

The Open Policy Agent (OPA) is an open source and generic engine that can be used to enforce uniform and context-aware policies across the entire technology stack.

From a security point of view, a central authorization component seems to make sense at first, but in reality it is often difficult to implement in a decentralized microservice landscape and leads to more disadvantages than advantages.
In the workshop, the Open Policy Agent and its deployment scenarios are explained so that, building on this, authorization rules for microservices or web applications can be designed in the Rego language.

Train efficiently

Content

  • Introduction and implications of missing authorization
  • Contexts in microservices
  • How OPA works
  • Deployment scenarios such as Kubernetes Admission Controller and authorization in web applications
  • Hands-on exercises

Methodology

Learning by doing is one of the most important paradigms. More about the training methodology here.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

DevSecOps Workshop https://pagel.pro/en/devsecops-workshop-en/ Tue, 02 Feb 2021 14:24:55 +0000

DevSecOps Workshop

Description

Using the DevSecOps Maturity Model (dsomm.timo-pagel.de), designed by the speaker, different dimensions of security in DevOps are explained.

The content will be supported by hands-on tasks, which will be carried out exclusively using open-source tools.

Train efficiently

Content

  • DevOps recap
  • Threats to a build and deployment pipeline
  • Measures to harden a build and deployment pipeline
  • Docker security including patch management
  • Automation of dynamic and static security tests
  • Logging and monitoring in a DevOps world
  • Optional: Continuous License Scanning

The OWASP DevSecOps Maturity Model serves as orientation, with the following dimensions:

  • Build and Deployment
  • Culture
  • Information Gathering
  • Infrastructure Hardening
  • Test and Verification

Target group

Information and IT Security Managers and DevOps Engineers.

Tools used:

  • Docker
  • Distroless
  • OWASP ZAP
  • OWASP Dependency Check
  • Automation
  • Jenkins
  • Arachni
  • nmap

Methodology

Learning by doing is one of the most important paradigms. More about the training methodology here.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

Agile Threat Modeling https://pagel.pro/en/agile-threat-modeling-en/ Tue, 26 Jan 2021 16:41:50 +0000 Conducting a structured analysis to identify threats in IT systems.

Agile Threat Modeling

Description

Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.

Threat modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.

Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.

However, security is also a permanently required feature and quality goal that customers expect and deserve.

In the workshop, participants are introduced to the proven STRIDE method in a clear and comprehensible way, with a mix of theory and practical exercises using showcases.

The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.

Train efficiently

Content

  • Get to know Secure Design principles

  • Participants gain basic theoretical knowledge and, building on it, the methodological knowledge needed to carry out a risk assessment of (web) systems

  • Threat Modeling as a method to discover design vulnerabilities

  • Create awareness of high cost and effort to fix design vulnerabilities

  • Getting to know gamification elements

  • Tips and tricks for applying threat modeling in practice

Target Audience

Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.

 

Methodology

Learning by doing is one of the most important paradigms. More about the training methodology here.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

Container Security https://pagel.pro/en/container-security-en/ Tue, 26 Jan 2021 16:19:48 +0000 Conducting a container security workshop to show the threats of operating containers.

Container Security

Description

Containers have become the de facto standard for building and deploying (web) applications. However, security is often neglected, which can lead to high costs. The Container Security Training shows measures to prevent vulnerabilities and raises awareness.

Train efficiently

Content

    • Introduction to DevOps and IT security
    • Refresher on the concepts of containers
    • Hands-on analysis of threats when using containers
    • Familiarization with and implementation of measures to increase the security of clusters, images and containers

Detailed Outline:

1. Introduction to Container Security

  • Purpose and objectives of the Container Security Training
  • Importance of container security in modern application development
  • Overview of the target audience and the focus of the training
  • Introduction to DevOps principles
  • The integration of security into DevOps practices
  • Security considerations in the DevOps lifecycle

2. Container Fundamentals

Understanding containerization technology

  • Key concepts of containers:
  • Network isolation in containers and clusters
  • User namespaces
  • Docker vs. Podman
  • Image analysis with Dive

3. Threat Analysis

  • Hands-on analysis of threats when using containers
  • Identifying common vulnerabilities and attack vectors
  • Analyzing container security risks
  • Exploring resource-limiting techniques

4. Security Measures

  • Implementing security measures to enhance cluster, image, and container security
  • Techniques for securing container sources and Dockerfiles
  • Detection of known vulnerabilities
  • Addressing insecure image sources

The training environment:

Target audience

All software developers and DevOps engineers with a basic knowledge of software development and IT systems.

Methodology

Learning by doing is one of the most important paradigms. More about the training methodology here.

Preparation

Participants each use a prepared training instance in the cloud. This means that there is no setup effort during the training! An SSH client such as PuTTY is required.
Prior knowledge of container technologies such as Docker is recommended, e.g. completion of the play-with-docker beginner training https://training.play-with-docker.com/beginner-linux/.

Containers use existing Linux mechanisms, so basic Linux knowledge is needed. Completion of https://ryanstutorials.net/linuxtutorial/ is recommended.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

Threat Modeling https://pagel.pro/en/threat-modeling-en/ Tue, 26 Jan 2021 14:58:01 +0000 Conducting a structured analysis to identify threats in IT systems.

Agile Threat Modeling Workshop

Description

Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.

Threat modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.

Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.

However, security is also a permanently required feature and quality goal that customers expect and deserve.

In the workshop, participants are introduced to the proven STRIDE method in a clear and comprehensible way, with a mix of theory and practical exercises using showcases.

The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.

Train efficiently

Content

Together, we perform threat modeling for your new feature or architecture, following the traditional threat modeling steps:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good enough job?

Target Audience

Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.

 

Methodology

We assign different roles at the start of the threat modeling session. For remote threat modeling, we use an interactive whiteboard such as Miro and cue cards to determine threats.

Preparation

No preparation is needed. Together, we will work out the architecture, threats and countermeasures.

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

WordPress Security https://pagel.pro/en/wordpress-security-en/ Tue, 26 Jan 2021 14:53:22 +0000 WordPress is the most popular blog system on the market today. Attackers know this too, which is why more and more automated attacks are being run against WordPress. This workshop will show you what attacks exist and what countermeasures you can take.

WordPress Security Workshop

Description

WordPress is the most popular blog system on the market today. Attackers know this too, which is why more and more automated attacks are being run against WordPress. This workshop will show you what attacks exist and what countermeasures you can take.

 

Train efficiently

Content

  • Getting to know the concepts of WordPress
  • Getting to know attacks and countermeasures when using WordPress
  • Patch management of WordPress and plugins
  • Secure development of WordPress plugins

Target Audience

Administrators with knowledge of WordPress administration and basic knowledge of PHP are well served by this workshop.

 

Methodology

As part of the workshop, topics are presented and participants carry out hands-on analyses in a training environment. Some measures are implemented.
In this workshop, with a mix of hands-on exercises and lectures, developers and administrators learn about threats and countermeasures when using container technologies.
    • Technically highly specialized and tailored to your needs
    • Structured and practice-oriented
    • Playful learning
    • Participants are involved interactively
    • Balancing of heterogeneity in prior knowledge
More about the training methodology at XYZ.

Preparation

TIMO:

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

Security Check https://pagel.pro/en/security-check-en/ Tue, 26 Jan 2021 14:48:49 +0000 Quick security check of web applications to identify threats in running applications for common pitfalls.

DevSecOps Workshop

Overview

Using the DevSecOps Maturity Model (dsomm.timo-pagel.de), designed by the speaker, different dimensions of security in DevOps are explained.

The content will be supported by hands-on tasks, which will be carried out exclusively using open-source tools.

Train efficiently

Content

  • DevOps refresher
  • Threats in a build and deployment pipeline
  • Measures to harden a build and deployment pipeline
  • Docker security including patch management
  • Automation of dynamic and static security tests
  • Logging and monitoring in a DevOps world
  • Optional: Continuous License Scanning

The OWASP DevSecOps Maturity Model serves as orientation, with the following dimensions:

  • Build and Deployment
  • Culture
  • Information Gathering
  • Infrastructure Hardening
  • Test and Verification

Target group

Information and IT security managers and DevOps engineers.

Selection of tools:

  • Docker
  • Distroless
  • OWASP ZAP
  • OWASP Dependency Check
  • Automation
  • Jenkins
  • Arachni
  • nmap

Methodology

As part of the workshop, topics are presented and participants carry out hands-on analyses in a training environment. Some measures are implemented.
In this workshop, with a mix of hands-on exercises and lectures, developers and administrators learn about threats and countermeasures when using container technologies.
    • Technically highly specialized and tailored to your needs
    • Structured and practice-oriented
    • Playful learning
    • Participants are involved interactively
    • Balancing of heterogeneity in prior knowledge
More about the training methodology at XYZ.

Preparation

TIMO:

Trainer

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact

DevSecOps-Assessment https://pagel.pro/en/devsecops-assessment-en/ Tue, 26 Jan 2021 14:43:32 +0000 Assessment of the current DevOps security status, planning of activities and a check of their effectiveness.

DevSecOps Assessment

Description

Using the OWASP DevSecOps Maturity Model, mainly designed by Timo, different dimensions of security in DevOps are assessed.

As an alternative, the OWASP Software Assurance Maturity Model is used to get an overview and also take topics like governance into account.

Analysis of current security practices and development of a security program in iterations

Methods

Together, we define the best approach to perform the assessment, e.g.

  • Questionnaire
  • Interview
  • Interview with samples

The OWASP DevSecOps Maturity Model serves as orientation, with the following dimensions:

  • Build and Deployment
  • Culture
  • Information Gathering
  • Implementation
  • Test and Verification

Assessment conducted by Timo Pagel

Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.

Arrange a free initial consultation

Contact
