         DevSecOps培训

Day One:

Introduction

DevSecOps at a Glance

CI (Continuous Integration) and CD (Continuous Delivery)
Shifting security to the left, the DevOps way
DevSecOps Method Theories

Security for DevOps technologies
When and how security interacts with the application and the development lifecycle
Shared ownership of security responsibilities and activities
Day Two:

DevSecOps with Jenkins

Creating an agent
Creating a pipeline job
Using SYNK and SonarQube for SAST security scanning
Using Arachini and OWASP-ZAP for DAST security scanning
Using Anchore and Aqua MicroScanner for image security scanning
Developing a DevSecOps pipeline
Enabling CI and CD
Security Automation

Automating security testing with Gaunit
Running an automated attack
Application Security Automation

Automating and refactoring XSS attack
Automating SQLi attack
Automating a fuzzer
Testing security in software delivery pipelines
Summary and Conclusion