DevSecOps Hackathon

DevSecOps Hackathon in brief

DevSecOps hackathon is a one-day, intensive leap into application development security. During the day, threats to applications will be explored in theory and in practice. The training is suitable for everyone working in software development. The most important gift of the day is a deeper understanding of the threats as well as the motives of the attackers.

Who is it for?

Our Hackathon is suitable for anyone working in application development. During the day, our goal is to offer at least something to everyone — from senior developers interested in information security, all the way to the owner of the application or the person responsible for all application development.

The day will be carefully planned and customized taking into account the interests and competence levels of the participants — setting the correct priorities. During the day, participants are divided into two groups (hacking and threat modeling) and also everyone will have at least one hacking session in common.

The things we're going to learn

Over the course of the day, the following things will be discussed — among other things:

  • What could threaten us and how do we map threats
  • The role of security in application development
  • What is a secure application development process
  • Secure application development process reference frameworks (SAMM, BSIMM)
  • Other frameworks affecting application development (eg. ISO/IEC 27002)
  • The roles and tasks of a secure application development process — especially in agile development
  • Hacker mindset
  • How a hacker finds YOUR weak points of defense
  • What is an interesting target for a hacker
  • What tools does a hacker have and how are these tools applied
  • How to use the selected tools of Kali Linux
  • Could I be a hacker ?
    OWASP Top-10 and selected test cases for hands-on exercises

In addition, some current case studies will be consulted and analyzed.

The tools

The tools used in Hackathon are included in Kali Linux distribution — especially Burp, sqlmap and nmap. The use and intensity of these tools are reconciled together based on the participants’ interests and prior knowledge.

There will also be threat modeling exercises during the course of the day, using Microsoft’s and OWASP’s playing cards. In principle, an imaginary target system is used in threat modeling, but — if desired — the organization’s own information system descriptions can also be applied.

The trainers

Acting as the trainers are professional hackers and an application development security/development process professional. Hackathon’s study materials are in English, but the training day itself is usually a fluent mix of English and Finnish.

In practice

The Hackathon can be carried out at the customer’s own premises or — at customer’s expense — in any available and suitable training facility. Requirements for the training room are internet connection, good air conditioning and a projector or big screen. The Hackathon day is best suited for a group of about 10 people; but if agreed separately, the number of participants can be increased up to 20.

A successful Hackathon always requires one 1-2 hour planning meeting in which also the customer will participate.

The technical part of the training is constructed in such a way that the participants are able to continue on their own and deepen their knowledge in a similar environment.

Putsi in a secdevops hackathon

Top-level agenda of the day

  • Definition of a secure SDLC
  • Hack Session
  • Food & Break
  • Custom slot
  • Hack Session
  • Threat Modeling
  • Cases, takeaways, lessons learned & wrap-up

Train, motivate and assure your team's skills

Every team needs something different sometimes. Hackathon combines fun, gamification and learning. Hackathon is also well suited for raising general security awareness.

Learning new and moving outside the comfort zone motivates modern teams. Perhaps the need for a Security Champion has already been identified in the organization, but there is uncertainty about what the role entails and who could that be. After the Hackathon, this discussion can also take place.

Contact us and we will build a complete set out of ready-made blocks for you!

DevSecOps Hackathon is suitable for all people working in application development.

DevSecOps Hackathon is suitable for all people working in application development.

In threat modeling we use Microsoft’s Elevation of Privilege and OWASP’s Cornucopia playing cards.
Participants will get to know and understand how a secure application development process is built.

contact us

Please do contact us. We most likely respond faster than you thought,