Abhay Bhargav
[we45]
Abhay Bhargav is the Founder of we45 and Chief Research Officer of AppSecEngineer, a focused Application Security Company and elite AppSec and Cloud Security Training organization.
Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework.
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, namely Containers, Orchestration and Serverless Architectures.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on.
Tutorial: Essentials DevSecOps Workshop
DevOps is a movement that has seeped into organizations across the globe, resulting in Continuous delivery of apps. However, security remains a serious bottleneck for DevOps. Organizations struggle with including security in continuous delivery processes.
This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by tons of hands-on labs, original research and real-world implementations of DevSecOps that work.
In this workshop, we will be focusing on 3 key areas of DevSecOps, specifically during the build and post-build stages of DevSecOps, along with automation strategies and hands-on automation labs for these areas. Namely, SAST (Static Application Security Testing), SCA (Source Composition Analysis) and DAST (Dynamic Application Security Testing).
In the 2021 Edition, we’re bringing all new research to training on DevSecOps including, but not limited to:
* Deep-dive into new-age Static Analysis tools like Semgrep and CodeQL for faster, more accurate Static Analysis, Invariant identification
* Deep-dive into Source Composition Analysis and Software Bill of Materials, that can be leveraged with OSS tools and automation approaches that integrate into pipelines
* DevSecOps with Github Actions => Multiple recipes from Custom Actions to Leveraging Existing Actions in iterative and build pipelines
* Deep-dive into OWASP ZAP and learn how to leverage these APIs for Security Automation
* Skip the inefficient spider. Leverage Test Automation to perform deeper and more powerful security testing against your Web Application or REST API
* Learn advanced automation techniques by leveraging OWASP ZAP in DevSecOps Pipelines
* Multiple views of Continuous Integration and Continuous Delivery Pipelines
The class will be nearly entirely hands-on and participants will be using our state-of-the-art cloud labs and cyber-ranges for this. All tools showcased are Open Source so they are completely accessible to participants at $0.
Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework.
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, namely Containers, Orchestration and Serverless Architectures.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on.
Tutorial: Essentials DevSecOps Workshop
DevOps is a movement that has seeped into organizations across the globe, resulting in Continuous delivery of apps. However, security remains a serious bottleneck for DevOps. Organizations struggle with including security in continuous delivery processes.
This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by tons of hands-on labs, original research and real-world implementations of DevSecOps that work.
In this workshop, we will be focusing on 3 key areas of DevSecOps, specifically during the build and post-build stages of DevSecOps, along with automation strategies and hands-on automation labs for these areas. Namely, SAST (Static Application Security Testing), SCA (Source Composition Analysis) and DAST (Dynamic Application Security Testing).
In the 2021 Edition, we’re bringing all new research to training on DevSecOps including, but not limited to:
* Deep-dive into new-age Static Analysis tools like Semgrep and CodeQL for faster, more accurate Static Analysis, Invariant identification
* Deep-dive into Source Composition Analysis and Software Bill of Materials, that can be leveraged with OSS tools and automation approaches that integrate into pipelines
* DevSecOps with Github Actions => Multiple recipes from Custom Actions to Leveraging Existing Actions in iterative and build pipelines
* Deep-dive into OWASP ZAP and learn how to leverage these APIs for Security Automation
* Skip the inefficient spider. Leverage Test Automation to perform deeper and more powerful security testing against your Web Application or REST API
* Learn advanced automation techniques by leveraging OWASP ZAP in DevSecOps Pipelines
* Multiple views of Continuous Integration and Continuous Delivery Pipelines
The class will be nearly entirely hands-on and participants will be using our state-of-the-art cloud labs and cyber-ranges for this. All tools showcased are Open Source so they are completely accessible to participants at $0.
