top of page

DevSecOps for Cloud - Hands-on Workshop

Comprehensive overview of common security risks associated with application and cloud platform automation, and the techniques and tools that can be used to mitigate these risks. 

Course Summary

The goal of security for application and cloud platform automation’s workshop is to equip participants with the knowledge and skills needed to secure applications and cloud platforms that are deployed and managed through automation. The workshop is hands-on and practical, with labs and exercises that allow participants to apply their learning in a realistic environment.

​

Our interactive and gamified workshop will cover basics and advanced  topics of application security for cloud with special focus on DevSecOps integration on Azure DevOps, dynamic testing (DAST), and closed  loop remediations. 

Course Duration :

2 Week days / 6 Hours​

 

 

Course Method : 

Virtual  In-Person

              Two sessions with 3 hours each

               SFO - 6:30  - 9:30 pm PST Monday

               India - 7am - 10am  IST Tuesday

​

Laptop

Course Fees :    

 

$200 or 16,650 ( Inaugural Offer)

​

 

Industry Leaders as Instructors or Mentors

​

​

​

Group Learning Assessments (50%)

 Work shops, and labs

​

Individual skill Assessments (50%)

Multiple Choice based assessments

Course Name

Workshop Topics

Course Objectives

  • Learn basic concepts of DevOps, DevSecOps, Integration of vulnerability scanning / DAST into Azure DevOps.  

  • Learn about the importance of collaboration between development, security, and operations teams, and how to integrate security into the automation process.

  • Implement business use cases using tools to:

    • Perform dynamic application security tests to identify vulnerabilities in the SDLC life cycle 

    • Remediate security vulnerabilities in automated environments to secure and scale applications and cloud infrastructure.

What will you learn

​​

  • Basic concepts of DevOps, DevSecOps, Dynamic Application Security Testing, OWASP Top 10 Vulnerabilities and their remediation.  Participants learn these concepts by  implementing business scenarios. Participants will also  learn how to use tools to identify and address security vulnerabilities in automated systems.

  • Common security risks in application and cloud platform automation.  Participants learn how these risks can be mitigated using security best practices and tools.

  • Implementing and remediating security vulnerabilities in automated environments. Participants learn how to use automations to secure and scale their automated applications and cloud infrastructure.

  • Best practices for secure application and cloud platform automation. Participants learn about the importance of collaboration between development, security, and operations teams, and how to integrate security into the automation process.

Course Outline

Course Outline

Day 1

DevSecOps: Integrating Application Security into Azure DevOps

  • DevOps

    • What is DevOps

    • Business Use cases of DevOps

    • Building Azure DevOps Pipeline ( Labs)

  • DevSecOps​

    • ​What is DevSecOps

    • Introduction to DAST / Web Application Security Scanning

    • OWASP vulnerabilities, how to prioritize and manage vulnerabilities based on risk

    • Incorporating DAST in development process ( Labs)

Dynamic Application Security Testing ( Workshop and best practices)

  • Understanding common DAST findings​

  • DAST / Web Application Security Scanning - Workshop​

  • ​Best Practices in Application Security Remediations​

  • Automated Remediation

Labs

Lab 1 : Setup Source Code on Azure Repos

Lab 2 : Design and Configure - Build Pipeline

  • Task 1: Building an Azure DevOps Build Pipeline

    • Create a new build pipeline​

  • Task 2: Inspecting and Viewing the Build Pipeline in YAML

    • Step 1: View and edit the pipeline in YAML

    • Step 2: Understand build triggers and agent

    • Step 3: Understand build tasks and scripts

  • ​Task 3: Running the Azure Build Pipeline

    • ​Step 1: Run the build pipeline

    • Step 2: View the build output and logs

    • Step 3: Analyze the build results

Lab 3: Design and Configure: Release Pipeline

  • Task 1: Creating an Azure Web App with Operating System Linux

    • Step 1: Sign in to the Azure portal

    • Step 2: Create an Azure Web App

    • Step 3: Wait for the deployment

    • Step 4: Access and test the Azure Web App

  • Task 2: Building an Azure DevOps Release Pipeline

    • Step 1: Create a new release pipeline

    • Step 2: Configure the deployment tasks​

  • Task 3: Adding Artifacts to the Azure DevOps Release Pipeline

    • Step 1: Add build artifacts to the release pipeline
    • Step 2: Enable Continuous Deployment Trigger

  • Task 4: Creating the Azure DevOps Release

    • ​Step 1: Create a new release for manual deployment

  • ​Task 5: Manually Deploying a Release

    • ​Step 1: Manually deploy the release

    • Step 2: Monitor the deployment progress

  • ​Task 6: Inspecting the Deployed Azure Web App  

    • ​Step 1: Access the deployed Azure Web App

    • Step 2: Verify the application functionality

Lab 4: Integrating DAST into Azure DevOps

  • Task 1: Configuring DAST tools (e.g. OWASP ZAP) integration in Azure DevOps​

  • Task 2: Creating a pipeline to run DAST scans automatically.​​

  • Task 3: Analysis of DAST Report​

Lab 5: Analyzing and fixing security issues identified by DAST tools

  • Task 1: Integrating security findings in the Azure DevOps work items

  • Task 2: Assigning the issues to the right person

  • Task 3: Fixing the security issues by editing the code

Day 2

Group Workshop: Learning from Practice exercises

  • Group discussion on the hands-on assignments
  • Learnings from the labs ( 1-5)
  • Best Practices and Potfalls

 DAST with Automated Remediations

  • Introduction to DAST

  • Benefits of using DAST in cloud

  • Understanding common DAST findings

  • How to prioritize and manage vulnerabilities based on risk

  • Incorporating DAST in development process

  • Automation DAST Scans

  • Best Practices in Remediations

  • Automated Remediation

Quiz & Take-aways

Why CloudSecGuru?

What makes us unique?

​

Top 3 factors that makes us unique 

     

  • Get Insights from Industry Experts : Network with Industry experts & leaders of cyber security industry

​​

  • Drive Deep with practical use cases : Industry use cases that help understand the concepts practically

 

  • Engage in Fun filled learning: interactive engagement and gamification to learn skills with fun 

​

The platform

 

CloudSecGuru is a unique platform for security professionals and students alike to learn the cybersecurity concepts, tools, and best practices while having fun. The organization stands to providing Comprehensive, Effective, Engaging and Accessible Cyber Security Education to Create a Secure and Safe Technology Ecosystem. 

​

​

​

Who is this course for?

​

​

Seniors looking focused learning on latest tools and technologies

To understand and build functional & technical requirements to enhance cyber security programs

 

Professionals interested in upskilling

To gain competitive advantage by learning emerging requirements, technologies, ideas, and approaches in cyber security and cyber laws

​

 

Students of cybersecurity or cyberlaw

To get an early head start & accelerate your cyber security or cyber law career

​

​

​

Who is this for
Why cloudsecguru
profe.png
bottom of page