DevOps - Full Stack Security Automation Tutorial

When:

Multiple venues from Aug 15 - Sep 12, 2017
Click here to view specific venue details

Phone:

1300922923

Pricing:

A$1,424.50 or $995 Ex GST for AISA Members
Addressing security in a fast-moving DevOps environments is essential, not just for the long-term success of your SDLC, but for the protection of your entire stack of tools and processes. This full-day tutorial examines ways of integrating security into DevOps environments by looking at opportunities at each stage of the development pipeline. The core focus is on automating repeatable security tasks allowing “low- hanging-fruit” issues to be remediated without human intervention.

This full-day tutorial examines ways of integrating security into DevOps environments by looking at opportunities at each stage of the development pipeline. The core focus is on automating repeatable security tasks allowing “low- hanging-fruit” issues to be remediated without human intervention.

In this tutorial we cover the following topics:

  • Understanding the motivations for providing security in high-velocity DevOps environments.
  • Securing the entire DevOps system and ensuring risk is managed according to appetite.
  • A defense-in-depth approach for improving code quality and detecting defects earlier.
  • Identifying known-vulnerable third-party libraries and managing the supply chain risk.
  • Using continuous monitoring tools to detect changes across the entire DevOps stack.
  • Self-healing management and remediation of misconfiguration, and enforcing policies.
  • Custom solutions versus existing platforms and tools to get immediate results.
  • A methodology for crawl, walk and run; ways to ensure a path to DevSecOps maturity.

We finish the tutorial with a real-world attack simulation involving a DevOps stack hosted on Amazon AWS, demonstrating the tactics and automated techniques you have learned.

Specifically in this tutorial you will learn about the following methods to use in your DevOps environment.

Application Security

  • Best Practice Awareness
  • Coding Helpers and IDE Tools
  • Developer Sandboxing
  • Static Analysis Security Testing (SAST)
  • Dynamic Analysis Security Testing (DAST)

OS/Networking Protection

  • Visualisation of Network Configuration
  • Continuous Monitoring Techniques
  • Alerting of non-compliant environments

Platform Resilience

  • Auto-enforcement of Configuration Policy
  • Self-healing & automated platform tools
  • Server-less event driven security

Venue Information:

Sep 12, 2017, 9:00 AM  to  17:00 PM
440 Collins Street Melbourne
Melbourne: City & inner suburbs, Victoria, Australia
On
Sep
12

Past Venues:

Aug 15, 2017, 9:00 AM  to  17:00 PM
60 Margaret Street Sydney
Sydney: City & inner suburbs, New South Wales, Australia
Over
Aug
15
nextmedia takes no responsibility for the accuracy of the content contained in these listings. Please contact the vendor with any enquiries.

Log In

Username:
Password:
|  Forgot your password?