The hands-on training DevSecOps is aimed for software developers, DevOps engineers or architects and teaches the theoretical and practical basics of tool-supported “Early Security Testing”.

Fixing security vulnerabilities after software has been released is expensive. Compared to fixing the vulnerability at the time of development, the costs must be assumed to be multiple times higher. As a result, early detection of vulnerabilities (ideally directly at implementation phase) is one of the most important goals for secure and yet cost-efficient software development (shift-left). By integrating automated security testing tools into the CI/CD pipeline, certain security problems can be detected and fixed very early in the development cycle.

In our hands-on DevSecOps seminar, the speaker provides the domain knowledge necessary for a Secure Software Development Life Cycle (SSDLC). Based on this, participants will be enabled to integrate various security testing tools into the CI/CD pipeline based on our years of practical experience. Recommended security testing tools from the following categories will be presented using practical hands-on exercises and showcases, and their best practices usage will be explained:

• Software Composition Analysis (SCA)
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Interactive Application Security Testing (IAST)
• Compliance as Code (CaC)
• Infrastructure as Code (IaC)