DevSecOps training icon

DevSecOps training

2 day DevSecOps training class

This is our classic Specialist Course for DevSecOps.

This 2-day intermediate course will show you how to automate security into a fast-paced DevOps environment
using various open-source tools and scripts. We have delivered this training for Virtual OWASP AppSec Days
Conference to an overwhelming positive response.

The course is available directly from Claranet Cyber Security or you can book through one of our partners.
The course is now available as live, online training and can be delivered for you individually or for your
company. Contact us below with your requirements.

2 day practical class

Available by Partners

Live, online available

Hack-Lab available


Course Overview

Modern enterprises are implementing the technical and cultural changes required to embrace DevOps methodology
by introducing practices such Continuous Integration (CI), Continuous Delivery (CD), Continuous Monitoring
(CM) and Infrastructure as Code(IaC).

DevSecOps extends DevOps by introducing security into each of these practices giving a level of security
assurance in the final product. In this course, we will demonstrate using our state-of-the-art DevSecOps Lab
how to effectively inject security in CI, CD, CM and IaC.

Every delegate will be provided a personalized cloud setup of our DevSecOps lab for hands-on implementation
of various security tools in the CI/CD/CM pipeline. Attendees will receive the DevSecOps Lab built using
Vagrant and Ansible comprising the same tools and scripts as a takeaway.

Upcoming courses

Click here for more courses

Enquire about your training

We provide training directly (live, online or in person) and also work with a range of training partners in different locations around the globe for classroom or live, online training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

The course can also be booked directly through our accredited training partners.

If booked through Check Point, Cyber-Security Learning Credits are accepted for this course.

Check Point

For security and IT decision makers

What’s the real impact of training your team through NotSoSecure?

Shift your organisation’s security left, make it a less attractive target to attackers, and help it resist
attacks by building a team that can develop resilient applications and systems using secure processes. Trained
delegates can:

  • Implement security tools and build and automate secure processes within their DevOps pipelines.
  • Secure any DevOps environment, from development and staging to production.
  • Securely deploy all the latest DevSecOps technologies which are covered in the course.
  • Understand the business impact of DevSecOps principles and articulate this to key stakeholders.
  • Solve business and development problems with a security mindset.
  • Take on greater responsibility in the team and become an advocate of security in the wider business.

Course Details

You will be able to:

  • Access to cloud DevSecOps-Lab for 24 hours post end of the training for further hands-on practice to
    each delegate.
  • The attendees will also receive a DevSecOps-Lab VM (designed by the NotSoSecure team) containing all
    the code, scripts and tools that are used for building the entire DevSecOps pipeline.

You will receive:

A full understanding of how to tackle security issues and a DevSecOps-Lab VM (designed by the NotSoSecure team)
containing all the code, scripts and tools that are used for building the entire DevSecOps pipeline.

What you can take away from the course:

  • Understand how to tackle security issues in a fast-moving DevOps environment
  • Identify tools/solutions and develop processes to create a secure by default infrastructure
  • In-depth understanding of various tools that can be used for security automation
  • Utilize the integration scripts and tools provided in the DevSecOps Lab to create your own DevSecOps

Details of the course content:


  • Online Lab Setup
  • Offline Lab Instructions


  • What is DevOps?
    • Lab: DevOps Pipeline


  • Challenges for Security in DevOps
  • DevOps Threat Model
  • DevSecOps – Why, What and How?
  • Vulnerability Management


  • Pre-Commit Hooks
    • Introduction to Talisman
    • Lab: Running Talisman
    • Lab: Create your own regexes for Talisman
  • Secrets Management
    • Introduction to HashiCorp Vault
    • Demo: Vault Commands


  • Software Composition Analysis (SCA)
    • Introduction to Dependency-Check
    • Lab: Run Dependency-Check pipeline
    • Lab: Fix issues reported by Dependency-Check
  • Static Analysis Security Testing (SAST)
    • Introduction to Semgrep
    • Lab: Run Semgrep pipeline
    • Lab: Create your own Semgrep Rules
    • Lab: Fix Issues reported by Semgrep
  • Dynamic Analysis Security Testing (DAST)
    • Introduction to OWASP ZAP
    • Demo: Creating ZAP Context File
    • Lab: Run ZAP in pipeline


  • Vulnerability Assessment (VA)
    • Introduction to OpenVAS
    • Lab: Run OpenVAS pipeline
  • Container Security (CS)
    • Introduction to Trivy
    • Lab: Run Trivy in Pipeline
    • Lab: Improvise Docker base image
  • Compliance as Code (CaC)
    • Introduction to Inspec
    • Lab: Run Inspec in Pipeline
    • Lab: Improvise Docker compliancy controls


  • Logging
    • Introduction to the ELK Stack
    • Lab: View Logs in Kibana
  • Alerting
    • Introduction to ElastAlert and ModSecurity
    • Lab: View Alerts in Kibana
  • Monitoring
    • Lab: Create Attack Dashboards in Kibana


  • DevOps on Cloud Native AWS
  • AWS Threat Landscape
  • DevSecOps in Cloud Native AWS


  • Challenges with DevSecOps
  • Building DevSecOps Culture
  • Security Champions
  • Case Studies
  • Where do we Begin?
  • DevSecOps Maturity Model


Who Should Take This Class?

DevOps engineers, security and solutions architects, system administrators will strongly benefit from this
course as it will give you a holistic approach towards application security.

If you have a background in IT or related to software development, whether a developer or a manager, you can
attend this course to get an insight about DevOps and DevSecOps.

You will need:

You should bring a laptop with a minimum 12 GB RAM and 40 GB of extra space and also have administrator
privileges. In order to access our labs you'll need an unfiltered direct connection to the internet. Our labs
will not be accessible from behind a proxy or a firewalled internet connection

DevSecOps Training

Course Information

You can download a copy of the course information below.

In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.

Download the course information

Your Training Roadmap

Offensive Classes

Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST
CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration
testers wishing to add to their existing skill set.

Defensive Classes

Giving you the skills needed to get ahead and secure your business by design. We specialise in application
security (both secure coding and building security testing into your software development lifecycle) and cloud
security. Build security capability into your teams enabling you to move fast and stay secure.


Marvellous training."

Delegate, DevSecOps Course

Thank you team for a wonderful DevSecOps Course!"

Delegate, Nullcon 2021

The tools presented are excellent. It was good that there had obviously been a lot of work done on
finding good tools for each piece of the course."

Delegate, AppSecOps Course

Thank you @notsosecure and @nullcon for the extensive training on DevSecops. Really engaging and a great
learning session. Worth mentioning the material and the hands on-lab. Kudos to the team and their hard
work for a smooth experience."

Delegate, Nullcon 2021

Thanks NotSoSecure for such a great DevSecOps course!"

Delegate, CheckPoint - DevSecOps Course

As the speed and frequency of releases increase, DevSecOps is a must to introduce security earlier in the
software development life cycle (SDLC). It is a key for DevOps teams to deliver secure applications with
speed and quality. Attended a 4 day training on DevSecOps - Automating Security in DevOps conducted by
NullCon. A big thanks to NotSoSecure | part of Claranet Cyber Security for conducting the insightful
sessions. Had a very enriching experience."

Delegate, Nullcon 2021

Our accreditations

Check penetration testing
Cyber essentials
CEH Accreditation
CCISO Accreditation
CISSP Accreditation
CRISC Accreditation
OSCE Accreditation