AppSecOps - A holistic approach to Application Security

Abstract

AppSecOps is a 3-day course providing a holistic approach towards application security for developers with automation. This class covers the latest OWASP Top 10 (2017 edition) through an attacker’s perspective and looks at the various best practices/code snippets in Java, .NET and NodeJS to write secure code. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, for example, “The Equifax” breach in September 2017.Various bug bounty case studies from popular websites like Facebook, Google, Shopify, PayPal, Twitter etc will be discussed explaining the financial repercussions of application security vulnerabilities like SSRF,XXE,SQL Injection, Authentication issues etc… Post learning and understanding what application security vulnerabilities are and how to fix and identify, this class will show how to use automation to weed out some of the vulnerabilities by injecting security into a DevOps pipeline. As part of the class attendees will be provided access to an online lab for 7 days where they can practice their application security skills and be provided with our custom developed DevSecOps-Lab VM containing all the tools and code which are used for demonstrating the DevSecOps pipeline.