DevSecOps Masterclass: 2025 Edition
Training Overview
DevSecOps Masterclass: 2025 Edition is an intensive, hands-on training at CSA XCON 2026, Dehradun, designed to help teams embed security into every stage of the Software Development Lifecycle through deep automation.
With fully updated content aligned to modern cloud-native development, this masterclass focuses on practical AppSec and DevSecOps automation, not theory. Participants will spend most of the time working through live labs, pipelines, and real-world scenarios, learning how to build scalable security programs that actually work in production.
This training is ideal for professionals who want to move beyond manual security checks and implement repeatable, automated, and developer-friendly security workflows.
About the Training at CSA XCON 2026
This masterclass delivers a complete, end-to-end view of DevSecOps, covering application security, CI/CD automation, container security, Kubernetes hardening, cloud security, and software supply chain assurance.
Key highlights include:
- Security embedded across the entire SDLC
- Strong focus on automation over manual processes
- Real-world pipelines using open-source and industry-adopted tools
- Cookbook-style labs that can be reused after the training
- Techniques that scale across teams, products, and cloud platforms
The training strongly aligns with CSA XCON’s mission to promote practical, implementable security engineering skills.
What You Will Learn
DevSecOps Across the SDLC
- How to integrate security seamlessly into development, build, test, and deployment stages
- Designing secure SDLC workflows that developers can actually adopt
Application Security & Supply Chain Automation
- SAST automation for applications and IaC using Bandit, Semgrep, and CodeQL
- Writing custom SAST rules to detect real-world vulnerabilities
- Supply chain security using SBOMs, SCA, and secure base image strategies
- Understanding and mitigating software supply chain attacks
- Implementing SLSA and artifact signing with Cosign (Sigstore)
- Advanced secrets management using HashiCorp Vault
Dynamic Security Testing Automation
- Automating DAST with OWASP ZAP
- Building security regression pipelines using Nuclei
- API security testing and continuous vulnerability scanning
CI/CD Pipeline Integration
- Integrating security into GitHub Actions, GitLab CI, Jenkins, and modern pipelines
- Using Robot Framework and automation patterns for security testing
- Best practices for security in both traditional and cloud-native CI/CD setups
Container & Kubernetes Security (Hands-On)
- Container image scanning and attack surface analysis
- Kubernetes security using a cookbook-style, step-by-step approach
- Replacing Pod Security Policies with Kyverno admission controllers
- Automated RBAC testing and least-privilege enforcement
- Pod Security Contexts and privilege reduction
- Secure secrets management in Kubernetes using Vault and CSI
- Runtime security with EFK stack and Falco
- Auditing clusters using KubeAudit
- Secure GitOps deployments with ArgoCD
Vulnerability Management & Correlation
- Managing findings from SAST, DAST, and SCA pipelines
- Correlating and prioritizing vulnerabilities using DefectDojo
- Reducing noise and focusing on actionable remediation
Cloud-Native DevSecOps
- DevSecOps automation for AWS, Azure, and cloud-native environments
- Securing serverless and containerized workloads
- Security automation in cloud CI environments including Azure DevOps
Training Experience & Expectations
- Highly hands-on and lab-driven masterclass
- Cookbook-style exercises that mirror real production setups
- Focus on scalable and repeatable security automation
- Open-source and freely available tooling wherever possible
- Practical challenge labs at the end of each module to validate learning
Participants will leave with ready-to-use DevSecOps patterns that can be implemented immediately in their organizations.
Who Should Attend
This training is ideal for:
- Application Security Engineers
- DevOps and Platform Engineers
- Security Engineers and Architects
- Developers working on cloud-native applications
- Security managers designing DevSecOps programs
Skill Level
Beginner to Intermediate
Participant Requirements
Participants should have:
- Basic understanding of application security concepts (OWASP Top 10)
- Familiarity with Linux command line
- Basic knowledge of any programming language
- Basic understanding of cloud concepts
Apple systems are not recommended due to virtualization limitations.
What Participants Will Receive
Each participant will receive:
- Guided lab instructions and complete training slides
- Access to cloud-based lab environments
- Code snippets and setup files for post-training practice
- Repository of open-source DevSecOps and Kubernetes security tools
- Extended access to learning platforms covering DevSecOps, AppSec, and Kubernetes security
Trainer
This training will be delivered by a globally experienced DevSecOps and Security Automation expert, with a strong background in building and scaling secure CI/CD pipelines, container security, cloud security, and supply chain assurance across enterprise environments.