DevSecOps Workshop
Overview
The workshop explains the different dimensions of security in DevOps using the DevSecOps Maturity Model (dsomm.timo-pagel.de), which was designed by the speaker.
The content is supported by hands-on tasks, which are carried out exclusively with open-source tools.
Train efficiently
Content
- DevOps recap
- Threats to a build and deployment pipeline
- Measures to harden a build and deployment pipeline
- Docker security including patch management
- Automation of dynamic and static security tests
- Logging and monitoring in a DevOps world
- Optional: Continuous License Scanning
The OWASP DevSecOps Maturity Model, with the following dimensions, serves as orientation:
- Build and Deployment
- Culture
- Information Gathering
- Infrastructure Hardening
- Test and Verification
Target group
Information and IT Security Managers and DevOps Engineers.
Used tools:
- Docker
- Distroless
- OWASP ZAP
- OWASP Dependency Check
- Automation
- Jenkins
- Arachni
- nmap
Methodology
Learning by doing is one of the most important paradigms.
Trainer
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.