Course Code: devsecopsworkshop
Duration: 7 hours
Prerequisites:

Basic software and SDLC experience

Audience

DevOps, security, and cloud engineers who hate theoretical security discussions

Overview:

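This world-class, cutting-edge, hands-on workshop immerses participants in the critical realities of modern CI/CD pipeline security. Designed for security professionals, DevOps engineers, and developers eager to master advanced pipeline defense techniques, the training combines live attack simulations with industry-leading tools and practical defense techniques.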

Course Outline:

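1. DevSecOps Foundations: Security by Design

🔍 Learn: Core DevSecOps principles and the secure SDLC

🛠️ Demo: Side-by-side comparison of traditional and modern secure pipelines

🔧 Lab: Build your first DevSecOps-enabled pipeline template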

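2. OWASP ZAP Security Testing Bootcamp

💣 Vulnerability simulation:

  • Deploy an app containing SQLi and XSS vulnerabilities
  • Use OWASP ZAP to detect and mitigate the threats

⚙️ Defense strategies:

  • Automated scanning with ZAP
  • CI/CD integration via the ZAP API

🧪 Lab: Customize ZAP baseline scans and attack rules

🎯 Challenge: "Find the hidden admin panel in 10 minutes"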

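3. Dependency Hell: Supply Chain Defense

💣 Vulnerability simulation:

  • Inject a malicious npm package with CVEs

🛡️ Defense strategies:

  • Monitor vulnerabilities with OWASP Dependency-Track
  • Enforce policy gates that fail the build on critical CVEs

🧪 Lab: Create vulnerability policies and alert workflows

⚠️ Shock demo: "How one bad dependency can take over your infrastructure"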

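4. Vulnerability Management War Room

💣 Vulnerability simulation:

  • Exploit an unpatched container vulnerability

🛡️ Defense strategies:

  • Centralize reporting with OWASP DefectDojo
  • Scan containers with Trivy

🧪 Lab: Build a realistic CISO/executive reporting dashboard

🏁 Race: "Triage 50 findings faster than your opponent"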

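5. Secrets and Configuration Fire Drill

💣 Vulnerability simulation:

  • Extract secrets from Git history with truffleHog

🛡️ Defense strategies:

  • Use pre-commit hooks to block patterns such as password=.*
  • Use ZAP's configuration spider to expose dangerous settings

🧪 Lab: Implement secret scanning in GitHub Actions

🚨 Reality check: "Your database password is in Slack right now"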

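6. Wrap-up: DevSecOps Battle Plan

🧭 OWASP integration roadmap:

  • Plan your adoption of DefectDojo, Dependency-Track, and ZAP

📋 Personal action plan:

  • Draft your 30-day security checklist
  • Define your DevSecOps KPIs and reporting dashboards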
Sites Published:

United Arab Emirates - DevSecOps Firefight: Breach, Fix & Fortify
