Loading…
Attending this event?
THE MUST ATTEND EVENT FOR CYBERSECURITY PROFESSIONALS
← Back to schedule
3 Day Training: Attacking the Application Supply Chain
Tuesday September 24, 2024 9:00am - 5:00pm PDT
Supply Chain risks are everywhere. We’ve seen a burst of supply chain exploits against organizations, totaling billions of dollars of value lost. Supply-chain security and implementation is essential and required by regulation. However, pentesters and red-teams must understand how they can leverage supply-chain attacks against applications, to further strengthen their defense implementations against it.

This training is a deep hands-on, red-team exploration of application supply-chains. We commence with an understanding of application supply chains, and subsequently dive into story-driven scenarios of exploiting supply-chains like exploiting CI systems, and build systems. Container infrastructure and cloud-native infrastructure hosted on Kubernetes, AWS, and Azure.

People learn better with stories. Our exploit and lateral movement scenarios are intricately designed labs that are backed by real-world stories that help students understand this subject-matter a lot better. This training was sold out at Blackhat USA 2023 with a 4.8/5 Rating
Speakers
VP

Vishnu Prasad

AppSec Engineer, we45
Vishnu Prasad is a DevSecOps Lead at we45. A DevSecOps and Security Automation wizard, he has implemented security in DevOps for numerous Fortune 500 companies. Vishnu has experience in Continuous Integration and Continuous Delivery across various verticals, using tools like Jenkins... Read More →
Tuesday September 24, 2024 9:00am - 5:00pm PDT
  3 Day Training
  • Audience intermediate
  • about Vishnu Prasad is a DevSecOps Lead at we45. A DevSecOps and Security Automation wizard, he has implemented security in DevOps for numerous Fortune 500 companies. <br><br>Vishnu has experience in Continuous Integration and Continuous Delivery across various verticals, using tools like Jenkins, Selenium, Docker, and other DevOps tools. His role sees him automating SAST, DAST, and SCA security tools at every phase of the build pipeline. He commands knowledge of every major security tool out there, including ZAP, Burp, Findsecbugs, and npm audit, among many others. He’s a tireless innovator, having Dockerized his entire security automation process for cross-platform support to build pipelines seamlessly. <br><br>His experience extends even beyond DevSecOps: he designs and develops Web Application Security tools, performs vulnerability management and orchestration, and consults on security assessments for major companies. He’s proficient in languages like Python, Java, Javascript, Angular, and more. <br><br>He regularly trains major companies and team members on application security automation, DevSecOps, and AppSec Essentials as well.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link