Course Code: devsecopsworkshop
Duration: 7 hours
Prerequisites:

Basic software and SDLC experience

Audience

DevOps, security and cloud engineers who hate theoretical security discussions

Overview:

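This world-class, cutting-edge, hands-on workshop immerses participants in the critical realities of modern CI/CD pipeline security. Designed for security professionals, DevOps engineers and developers eager to master advanced pipeline defense techniques, the training combines live attack simulations with industry-leading tools and practical defensive techniques.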

Course Outline:

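1. DevSecOps Foundations: Secure by Design

🔍 Learn: Core DevSecOps principles and the secure SDLC

🛠️ Demo: Side-by-side comparison of traditional and modern secure pipelines

🔧 Lab: Build your first DevSecOps-enabled pipeline template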

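2. OWASP ZAP Security Testing Bootcamp

💣 Vulnerability simulation:

  • Deploy an app containing SQLi and XSS vulnerabilities
  • Detect and mitigate the threats with OWASP ZAP

⚙️ Defense strategy:

  • Automated scanning with ZAP
  • CI/CD integration through the ZAP API

🧪 Lab: Customize ZAP baseline scans and attack rules

🎯 Challenge: "Find the hidden admin panel in 10 minutes"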

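3. Dependency Hell: Supply Chain Defense

💣 Vulnerability simulation:

  • Inject a malicious npm package carrying a CVE

🛡️ Defense strategy:

  • Monitor vulnerabilities with OWASP Dependency-Track
  • Enforce policy gates that fail the build on critical CVEs

🧪 Lab: Create vulnerability policies and alerting workflows

⚠️ Shock demo: "How one bad dependency takes over your infrastructure"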

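4. Vulnerability Management War Room

💣 Vulnerability simulation:

  • Exploit an unpatched container vulnerability

🛡️ Defense strategy:

  • Centralize reporting with OWASP DefectDojo
  • Scan containers with Trivy

🧪 Lab: Build a realistic CISO/executive reporting dashboard

🏁 Race: "Triage 50 findings faster than your opponent"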

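5. Secrets and Configuration Fire Drill

💣 Vulnerability simulation:

  • Extract secrets from Git history with truffleHog

🛡️ Defense strategy:

  • Block patterns such as password=.* with pre-commit hooks
  • Expose dangerous settings with ZAP's configuration spider

🧪 Lab: Implement GitHub Actions secret scanning

🚨 Reality check: "Your database password is in Slack right now"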

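6. Wrap-up: DevSecOps Battle Plan

🧭 OWASP integration roadmap:

  • Plan your DefectDojo, Dependency-Track and ZAP adoption

📋 Personal action plan:

  • Draft your 30-day security checklist
  • Define your DevSecOps KPIs and reporting dashboards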
Sites Published:

United Arab Emirates - DevSecOps Firefight: Breach, Fix & Fortify
