Prerequisites
To be successful and get the most out of this OpenHack and to avoid any delays with downloading or installing tooling, you are encouraged to have the following ready to go.
- Install your choice of Integrated Development Environment (IDE) Software, i.e. [link=https://code.visualstudio.com/docs#download] Visual Studio / Visual Studio Code/ Eclipse / IntelliJ
- Download Azure CLI 2.0 – preferred version is 2.0.43 or Azure PowerShell
- Browser Client (e.g. Chrome/ Safari/ Firefox)
Course Objectives
During the “hacking” attendees will focus on leveraging available tools/tasks in Azure DevOps to enable best-practice oriented scenarios such as:
- Managing Secrets
- Enabling static analysis/ dependency/ container scanning
- Dynamic Application Security Testing
- Workflow and organization policy enforcement
By the end of the OpenHack, attendees will have built out a technical solution that enables secure development workflow taking into account recommended best practices, all found through real world engagements with S500 and Hi-Po partners.
Course Content
This OpenHack enables attendees to add security-oriented tooling into their workflow and CI/CD tasks. This OpenHack simulates a real-world scenario where a development team is concerned, they might have leaked information in their web app that could expose their site to being hacked. This discovery has led the team to leverage DevSecOps practices to increase their security posture and catch issues early in the development process.
Technologies:
Microsoft Azure DevOps, Azure Key Vault, Azure Automation, Microsoft Security Code Analysis, Azure Kubernetes Service, Azure Container Registry, Azure Active Directory, Third Party Sonar Cloud, Aqua, Fossa, White Source,