Secure Modern Development
Overview
Modern development relies on cloud-native products to support the development process. Below is an unsorted list of topics to support secure development.
Train efficiently
Examples
- Rate Limiting (1h)
- Resource Limiting (0.5h)
- Workshop: Dynamic Application Security Testing (2h)
- Identity Providers, OAuth 2.0, OAuth 2.1, JWT, Storage of Tokens (2h)
- Security of Client Side Storage (1h)
- Workshop: Authorization with the Open Policy Agent (4h)
- Container Security (1 day)
- Introduction to Kubernetes Security (1h-2h)
- Introduction to Vulnerability and Patch Management for Applications (1h)
- Business Continuity Management for Developers (0.5h)
- Headers and API Headers (0.5h)
- Supply Chain and Mitigations (2h)
- Workshop: Hack your own applications (2-3 days)
- Abuse Tests for Developers (0.75h)
- Workshop: Secrets Handling with OWASP Wrong Secrets (1.5h)
- OWASP Top Ten (Injections, XSS, Sec. Misconfiguration, …)
- Workshop: Threat Modeling (1 day)
- Distroless (0.5h)
- OWASP DefectDojo Hands-On Training (1h)
- Malware Scanning for Developers (0.5h)
All topics include hands-on exercises!
Methods
Learning by doing is one of the most important paradigms. More about the training methodology here.
Trainer
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his training courses. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.