AIML Full Stack Development

DevSecOps Using DefectDojo ( XER – 201 )

DEVSECOPS USING DEFECTDOJO. END-To-END DEVELOPEMNT (XER - 301 )

LEVEL - ADVANCE  | FORMAT - INSTRUCTOR  LED TRAINING | Days : 5 Days

Image

Prerequisites

  • Knowledge of Application Security.
  • Understanding of Vulnerability Assessment Tools.
  • Knowledge of Security Testing Practices.
  • Basic Database and Reporting Skills and Scripting.
  • Familiarity with CI/CD Tools and Defect Tracking System.

Objectives

  • Streamline Vulnerability Management.
  • Compliance and Tagging Management and Reporting.
  • Enable Continuous Security Monitoring on Third Party.
  • Facilitate Collaboration Among Teams.
  • Automate Security Workflows, Reporting and Analysis.
  • Risk-Based Decision Making, Compliance and Audit Readiness.

Datasheet

DevSecOps Using DefectDojo - 201

Descriptions

Download 

Training Objectives

  • Learn Application Security Orchestration and correlation (ASOC).
  • Implement and Automate Open-Source Scanner Integration using Bandit, Trivy and Scout.
  • Evaluate Commercial Scanner Integration using Github Action such as Nessus, Qualys, SonarQube, Acunetix (DAST, IAST - Interactive Testing Tool).
  • Integration with Issue Trackers - Github Issue and Unified Dashboard Design.
  • Threat Modeling - Asset Identification, Threat Identification, Attack Surface Analysis, Mitigation Strategies.
  • Risk Management - Risk Identification, Assess each risk based on impact, Mitigation Action.
  • Learn and Configure Compliance Management and Role-Bases Access Control (RBAC).

Target Audience

  • Security Analysts and Engineers.
  • Developers and Software Engineers.
  • DevOps/DevSecOps Teams/Security Consultants.
  • Applications Security Professionals.
  • IT Risk and Compliance Managers/QA Engineers.

Course Module

  1. Component Tracking - Dependency Management, Component Vulnerability Mapping, Version Tracking.
  2. Risk Acceptance Waivers.
  3. Engagement Scheduling - Planned, Automation and Recurring Engagement.
  4. Custom Field and Attributes.
  5. Advanced Reporting and Analytics.
  6. Finding Templates.
  7. Multi-Tenancy Support - Isolated Work Spaces, Role-Based Access for Tenants.
  8. Benchmarking and Historical Trends - Securing Trend Analysis.
  9. Multiple Product Types.
  10. Integrated Risk Scoring Models.
  11. Engagement Automation with CICD Pipelines - Seamless Integration with DevOps Tools.
  12. Securing as Code.
  13. Configuration as Code.
  14. Automated Scanning via API.

Scope 

  • Level - Advance
  • Duration : 5 Days
  • Format : Lecture and Hands-On Lab
  • Platform Support : On-Prime Data Center / Cloud Platform
  • Programming Language : Python Programming.

Lab Requirements

  • Cloud Platform - AWS Services - S3, EKS, RDS, EC2.
  • Windows OS.
  • Open Source Software.
  • Github Account.
  • AIML Applications and DefectDojo Integrations.

Contact Us

  • WhatsApp : +919164315460
  • Email : info@xerxez.in