AppSecOps - A holistic approach to Application Security


AppSecOps is a 3-day course that gives developers a holistic approach to application security, including automation. The class covers the latest OWASP Top 10 (2017 edition) from an attacker’s perspective and looks at best practices and code snippets in Java, .NET and NodeJS for writing secure code. Throughout the class, developers will get on the same page as security professionals, understand their language, learn how to fix or mitigate the vulnerabilities covered in class, and become acquainted with some real-world breaches, for example the Equifax breach in September 2017.

Various bug bounty case studies from popular websites such as Facebook, Google, Shopify, PayPal and Twitter will be discussed, explaining the financial repercussions of application security vulnerabilities such as SSRF, XXE, SQL Injection and authentication issues. After covering what application security vulnerabilities are and how to identify and fix them, the class shows how to use automation to weed out some of these vulnerabilities by injecting security into a DevOps pipeline.

As part of the class, attendees will be given access to an online lab for 7 days where they can practice their application security skills, and will be provided with our custom-developed DevSecOps-Lab VM containing all the tools and code used to demonstrate the DevSecOps pipeline.

Jun 20, 2019 — Jun 22, 2019
Rohit Salecha
Security Engineering

Rohit Salecha is a technology geek who loves to explore anything that runs and understands binary. As a security engineer he is passionate about learning the length, breadth and depth of technology. Being more on the defensive side, he has evangelised secure software development at various organizations for more than a decade. He is ridiculously driven by the “everything as code” mantra and strongly believes that security teams must strive towards making themselves irrelevant.