The training is designed to provide a set of detailed stories and real-world scenarios that help students learn better through hands-on labs.
The course also maps application supply chains against frameworks like the MITRE ATT&CK to help students map tactics, techniques, and practices against well-known frameworks.
Supply Chain risks are everywhere. Over the last 3 years, we’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential, and in some cases, required by regulation. However, it is important for pentesters and red-teams to understand how they can leverage supply-chain attacks against applications, to further strengthen their defense and blue-team implementations against it.
This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently deep-dive into story-driven scenarios of exploiting different supply-chains like exploiting CI systems, build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS and Azure.
People learn better with stories. All our exploit and lateral movement scenarios are intricately designed hands-on examples that are backed by real-world stories and anecdotes that help students understand this subject-matter a lot better.
Understand every single attack vector that can arise from third party vulnerabilities
Attack & compromise pre-deployment builds, as well as cloud & Kubernetes environments
Hands-on knowledge of how CI services can be compromised through supply chain attacks
Identify the most critical security vulnerabilities your organization is likely to encounter
Defense against all kinds of supply chain attacks
Using SLSA to find the provenance of components
Cloud-native, container & Kubernetes supply chains
Securing CI systems & secrets against exploits
Crafted on Real-world training for product security teams
Hands-on Experience: Engage with real-world scenarios in a controlled, cloud-based lab environment to apply learning directly.
Immediate Application: Implement Threat Modeling tools and techniques instantly, enhancing retention and understanding.
Access to Specialized Tooling: Utilize advanced Threat Modeling software and LLMs without needing to set up or maintain the infrastructure.
Safe Learning Space: Experiment and learn from mistakes in a risk-free sandbox, encouraging exploration and innovation.
Basic understanding of application security principles.
Familiarity with software development and the software development lifecycle (SDLC).
Some experience in security practices and methodologies is beneficial
For the optimal learning experience in this course, participants should use a laptop with Windows 10/11, the latest macOS, or a modern Linux distribution, equipped with an Intel i5 processor or equivalent (i7 recommended), at least 8GB of RAM (16GB preferred), and 20GB of free disk space. A stable, high-speed internet connection is essential for accessing streaming content and cloud-based labs, alongside the latest versions of Google Chrome, Mozilla Firefox, or Safari with JavaScript enabled. Participants must have administrative rights to install necessary software and a modern code editor like Visual Studio Code.
10
help@appsecengineer.com
United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030
APAC
68 Circular Road, #02-01, 049422, Singapore