Course Outline

1. DevSecOps Foundations: Security by Design

🔍 Learn: Core DevSecOps principles & secure SDLC

🛠️ Demo: Side-by-side comparison of legacy vs modern secure pipelines

🔧 Lab: Build your first DevSecOps-enabled pipeline template

2. OWASP ZAP Security Testing Bootcamp

💣 Breach Simulation:

  • Deploy a vulnerable app with SQLi & XSS
  • Use OWASP ZAP to detect and mitigate threats

⚙️ Defense Tactics:

  • Automated scanning with ZAP
  • CI/CD integration via ZAP API

🧪 Lab: Customize ZAP baseline scans + attack rules

🎯 Challenge: “Find the hidden admin panel in 10 minutes”

3. Dependency Hell: Supply Chain Defense

💣 Breach Simulation:

  • Inject malicious npm package with CVEs

🛡️ Defense Tactics:

  • Monitor vulnerabilities with OWASP Dependency-Track
  • Enforce policy gates that fail builds on critical CVEs

🧪 Lab: Create vulnerability policies & alert workflows

⚠️ Shocking Demo: “How one bad dependency can own your infrastructure”

4. Vulnerability Management War Room

💣 Breach Simulation:

  • Exploit unpatched container vulnerabilities

🛡️ Defense Tactics:

  • Centralize reporting with OWASP DefectDojo
  • Scan containers with Trivy 

🧪 Lab: Build real dashboards for CISO/executive reporting

🏁 Competition: “Triage 50 findings faster than your rivals”

5. Secrets & Configuration Fire Drill

💣 Breach Simulation:

  • Exfiltrate secrets from Git history using truffleHog

🛡️ Defense Tactics:

  • Pre-commit hooks to block patterns like password=.*
  • Use ZAP’s config spider to surface dangerous settings

🧪 Lab: Implement GitHub Actions secrets scannin

🚨 Reality Check: “Your database password is in Slack right now”

6. Wrap-Up: DevSecOps Battle Plan

🧭 OWASP Integration Roadmap:

  • Plan your DefectDojo, Dependency-Track, and ZAP adoption

📋 Personal Action Plan:

  • Draft your 30-day security checklist
  • Define your DevSecOps KPIs & reporting dashboards

Requirements

Foundational software and SDLC experience

Audience

DevOps, Security & Cloud Engineers who hate theoretical security talks

 7 Hours

Number of participants


Price per participant

Open Training Courses require 5+ participants.

Testimonials (5)

Multiple examples for each module and great knowledge of the trainer.

Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)

Module3 Applications Attacks and Exploits, XSS, SQL injection Module4 Servers Attacks and Exploits, DOS, BOF

Tshifhiwa - Vodacom
Course - How to Write Secure Code

Real-life examples.

Kristoffer Opdahl - Buypass AS
Course - Web Security with the OWASP Testing Framework

The trainer's subject knowledge was excellent, and the way the sessions were set out so that the audience could follow along with the demonstrations really helped to cement that knowledge, compared to just sitting and listening.

Jack Allan - RSM UK Management Ltd.
Course - Secure Developer .NET (Inc OWASP)

Piotr was very knowledgeable and related security issues to real world examples very well. His preparation was brilliant.

Alex Boseley - Trakm8 Ltd
Course - OWASP Top 10

Upcoming Courses

DevSecOps Firefight: Breach, Fix & Fortify

2025-08-20 09:30
7 hours
Santiago - El Golf
UF 57,80 (Online)
UF 152,80 (Classroom)

DevSecOps Firefight: Breach, Fix & Fortify

2025-09-03 09:30
7 hours
Santiago - Vitacura
UF 57,80 (Online)
UF 172,80 (Classroom)

DevSecOps Firefight: Breach, Fix & Fortify

2025-09-17 09:30
7 hours
Santiago - El Golf
UF 57,80 (Online)
UF 152,80 (Classroom)

DevSecOps Firefight: Breach, Fix & Fortify

2025-10-01 09:30
7 hours
Santiago - Vitacura
UF 57,80 (Online)
UF 172,80 (Classroom)

Related Courses

Web Security Testing - Security and Testing of Web Applications using OWASP

 21 Hours

This instructor-led, live training in  (online or onsite) is aimed at developers, engineers, and architects seeking to secure their web apps and services.

By the end of this training, participants will be able to integrate, test, protect, and analyze their web apps and services using the OWASP testing framework and tools

Read more...

OWASP Mobile Security Testing Guide

 21 Hours

This instructor-led, live training in Chile (online or onsite) is aimed at developers, engineers, and architects who wish to apply the MSTG testing principles, processes, techniques, and tools to secure their mobile applications and services.

By the end of this training, participants will be able to:

  • Explore testing techniques to strategize an effective security testing implementation in the development lifecycle.
  • Perform testing techniques to test general vulnerabilities and risks in mobile apps.
  • Run various security testing processes to secure their Android and iOS mobile applications.
Read more...

OWASP Top 10

 14 Hours

This instructor-led, live training in Chile (online or onsite) is aimed at web developers and leaders who wish to explore and implement the OWASP Top 10 reference standard to secure their web applications.

By the end of this training, participants will be able to strategize, implement, secure, and monitor their web applications and services using the OWASP Top 10 document.

Read more...

OWASP Web Security Testing Guide

 21 Hours

This instructor-led, live training in Chile (online or onsite) is aimed at developers, engineers, and architects who wish to apply the WSTG testing framework, principles, and techniques to secure their web applications and services.

By the end of this training, participants will be able to:

  • Use the WSTG to implement testing processes and techniques in the web development lifecycle.
  • Explore different testing techniques to customize the WSTG framework based on business needs.
  • Perform various security testing methods to protect web applications from risks and attacks.
  • Create an assessment report to document security testing findings and results.
Read more...

How to Write Secure Code

 35 Hours

This Course in Chile aims to help in the following:

  1. Help Developers to master the techniques of writing Secure Code
  2. Help Software Testers to test the security of the application before publishing to the production environment
  3. Help Software Architects to understand the risks surrounding the applications
  4. Help Team Leaders to set the security base lines for the developers
  5. Help Web Masters to configure the Servers to avoid miss-configurations
Read more...

Secure Developer Java (Inc OWASP)

 21 Hours

This course covers the secure coding concepts and principals with Java through Open Web Application Security Project (OWASP) methodology of testing. The Open Web Application Security Project is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

Read more...

Secure Developer .NET (Inc OWASP)

 21 Hours

This course covers the secure coding concepts and principals with ASP.net through the Open Web Application Security Project (OWASP) methodology of testing , OWASP is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. 

This Course explores the Dot Net Framework Security features and how to secure web applications.   
    
    
    
    
    

Read more...

Related Categories

Category for OWASP
OWASP