Capacitación en línea en aula virtual, e-learning
y otras formas de entrega para tu teletrabajo

Encuentra más información

OpenHack DevSecOps (OHDVSCO)

Esquema Detallado del Curso

Challenge 1: Managing Secrets

  • Identify the tools and technologies that can help to protect from leaking credentials and secrets while in development
  • Create a custom search pattern for secrets in your source code

Challenge 2: Secret Rotation

  • Manage/Rotate secrets in dev/test/production environments

Challenge 3: Keep your code clean and vulnerability free

  • Identify the tools and technologies that you will use find security issues early in your development process
  • Design/implement a workflow that eliminates many issues and false positives using static code analysis and dependency scanning
  • Analyze dependencies in code and scan containers for known vulnerabilities

Challenge 4: Automate penetration testing

  • Scan for OWASP top 10 vulnerabilities
  • Incorporate pen testing into UI Automation testing
  • Adjust scoring algorithm based on your threat model (SMACD)

Challenge 5: Streamline and integrate workflow

  • Learn techniques/ trade-offs to speed up execution and minimize impact to developer productivity.
  • Integrate into PR based workflow to provide effective and timeline feedback from automation
  • Enable bot automation to streamline false positive resolution in external systems such as sonarcloud

Challenge 6: Apply security policy to your organization

  • Make DevSecOps mandatory for all PR merges to master branches for your organization
  • Reject a push to repository that contains secrets

Challenge 7: Enable quality gates and resolve issues

  • Implement quality gates
  • Resolve some of the discovered issues

At the end of the event, we will provide content and a recommended set of task that can be incorporated into a dev crew engagement to enable some of the practices that are covered during the event.