DevSecOps

Introduction to Cyber Security and Penetration Testing

• Virtualization overview
• Demonstration of Kali Linux
• What is Risk?
• 5 Phases of Hacking
• TCP/IP and OSI model

Linux for Pentesters

• Linux Overview
• Linux commands
• Footprinting Concepts

Information Gathering and NMAP Scanning

• Maltego Overview :
• Nikto Overview :
• Dirbuster Overview :
• NMAP : Scanning the Network :

Networking and Scanning Methods

• Nessus vulnerability assessment
• Netcat for Pentester
• Wireshark · Go Deep.

Burp Suite – Application Security Testing Software

• Introduction to Burp suite
• Website Fundamentals

Introduction to WAPT (Web Application Penetration Testing)

• Basic Overview of OWASP Projects
• THC-Hydra overview

Basic Overview of Command Injection, File upload Vulnerability

• Command Injection vulnerability :
• File Uploads Vulnerability :

SQL injection, XSS attacks :

• What is SQL Injection Vulnerability?
• Practical with SQLMAP
• What is XSS?
• Types of XSS

Information Security Compliance, Python For Offensive PenTest

• Python For Offensive PenTest
• VAPT Life Cycle
• HIPAA Privacy

Information security compliance and management

• ISMS 27001 Risk Management
• NIST Cyber Framework
• HiTrust Compliance.

OS Hardening and Linux Security

• • OS Compliance
    • Vulnerability scan with Nessus/ Nexpose
    • Intro to CIS Benchmarks
    • CIS Controls
  • Account Security
    • PAM
    • Password Security
    • User-level Access Management
    • Security by Account Type
  • Network Security
    • Network Security Basics
    • Securing SSHD
    • Linux Firewall Fundamentals
    • Configuring the Firewall from the Command Line
    • SELinux
    • Port Scanning
  • Application and Filesystem Security
    • File and Directory Permissions
    • Special Modes – Sticky Bits and SUID
    • File Attributes
    • ACLs
    • Rootkits
    • OS Patching and vulnerability management with yum
  • Logging and Auditing
    • Linux OS logs – dmesg, btmp, wtmp, messages and access logs
    • Audit
  • Automated server hardening with Ansible

AWS Cloud Security

• • Access Control and Management
    • IAM
    • MFA
    • Identity Federation
  • Network Security, Logging, Encryption, and Application security
    • NaCl and VPC Security
    • AWS WAF & Shield
    • CloudTrail
    • KMS
  • Governance, Risk Management, and Compliance
    • Guard duty
    • AWS Inspector
    • AWS Config
    • AWS Security Hub
  • Data Protection and secrets management
    • S3 security
    • DynamoDB security
    • Secrets Manager

Compliance as Code and monitoring

• • Intro to Compliance as Code and policy enforcement
    • Sentinel
    • Inspec
  • Intro to Dashboards and Automated Vulnerability Detection
    • Archery

Container Security

• • Securing Docker
    • Docker Namespaces
    • Control groups and Docker
    • Using AppArmor profiles
    • Using seccomp profiles
    • Using capabilities
  • Container Security Monitoring
    • Monitor Container Security Parameters with OSQuery
    • Compliance and monitoring with Falco
  • Container Vulnerability Scanning and Audit
    • Static Analysis – Container Security Scanning
    • Intro to Clair / Anchor
    • Intro to Docker-Bench
  • Docker Runtime Security
    • Twistlock

DevSecOps – Build & Deployment Security

Burp Suite Recap

Burp suite Spider

Burp Suite Intruder

Burp Suite Repeater

LFI and Directory Traversal attacks

LFI – Local File inclusion

Directory traversal

DevOps Recap & Security Challenges

DevOps:

Security Challenges in DevOps.

Deployment Strategies & Security in Pre-Commit

Deployment Strategies (Blue/Green)

Shift Left

Security in Pre-Commit

Security in Commit

SAST & Component Analysis

SonarQube

Jenkins tutorials

• What is Jenkins?
• What is CI/CD pipeline?

DAST & OWASP ZAP

DAST & Security Acceptance Testing

OWASP ZAP

Quick Recap for DAST

Quick recap

Some Quick Questions

CTF and Bonus section

Quick recap

CTF (Capture the Flag)

Some Quick Questions