
Bay Area/hackerthursdays


Practical DevSecOps - Continuous Security in the Age of Cloud

Date: March 29th 2018, 6:30 pm to 8:30 pm.

Venue: CloudFlare, 101 Townsend St, San Francisco, CA 94107

Please fill in this form to confirm attendance: https://goo.gl/forms/LCu5veo8s4QgfvFB2

Abstract:

We have all heard about DevSecOps, Shifting Left and Rugged DevOps, but there are no clear examples or frameworks available on how to implement DevSecOps practices. This workshop will teach you exactly that: the tools and techniques to embed security into the DevOps pipeline.

We will discuss how unicorns like Google, Facebook, Amazon and Etsy handle security at scale and what we can learn from them. We start off with the basics of DevOps and DevSecOps and move on to advanced concepts such as Security as Code, Compliance as Code and Infrastructure as Code. Each of these concepts will be backed up with hands-on exercises using DevSecOps Studio, a free and open source distribution for DevSecOps enthusiasts. By the end of this workshop, you will have enough tools under your belt that you can put them into action right away.

We will also cover how to use static analysis (SAST), dynamic analysis (DAST) and OS hardening as part of the Secure SDLC, and how to select the tools and processes that fit your organization best.

Topics covered:

1. Introduction to DevOps and DevSecOps

2. People, Process and Technology aspects of DevSecOps

3. Automating SAST/DAST in Continuous Integration and Continuous Delivery environments

4. Infrastructure as Code, Security as Code and Compliance as Code

5. Container security (Docker) and orchestration

6. On-the-fly OS hardening and compliance using Packer and Ansible

Prerequisites:

1) Basic knowledge of Linux and common commands (curl, nmap, ssh, etc.).

2) Basic application security concepts such as the OWASP Top 10.

3) Basic knowledge of any scripting language (Python/Ruby preferred) to write simple tools/scripts.

Hardware and Software requirements:

1) Laptop with administrative access, USB access and the ability to change BIOS settings, running a 64-bit OS (Mac/Linux preferred), with 8 GB+ RAM (16 GB preferred) and 100 GB of free hard disk space.

2) Install VirtualBox, Vagrant and Ansible by following the steps outlined at https://github.com/teacheraio/DevSecOps-Studio#summary-of-setup

3) The instructor will provide any other software and utilities needed during the workshop.

Instructor Bio:

Mohammed A. “secfigo” Imran is a seasoned security professional with 8 years of experience in helping organizations with their information security programs. He has a diverse background in R&D, consulting and product-based industries, with a passion for solving complex security problems. Imran is the founder of Null Singapore, the largest information security community in Singapore, where he has organized more than 60 events and workshops to spread security awareness.

He was also nominated as a community star for being the go-to person in the community whose contributions and knowledge sharing have helped many professionals in the security industry. He is usually seen speaking at conferences such as Black Hat, DevSecCon, Null and OWASP chapters.

Again, please fill in this form to confirm attendance: https://goo.gl/forms/LCu5veo8s4QgfvFB2