Tentative DevSecOps Masterclass: AppSec Automation Edition
DevOps has revolutionized the speed and scale at which organizations deliver software, but application security often struggles to keep pace with this rapid development lifecycle. As modern systems rely heavily on cloud infrastructure, containerization, and complex software supply chains, traditional security approaches become bottlenecks rather than enablers.
This hands-on two-day masterclass teaches security engineers, developers, and DevOps professionals how to implement practical DevSecOps and Application Security Automation across the software delivery pipeline. Participants will learn to integrate automated security testing, supply-chain integrity controls, secrets management, and policy enforcement directly into CI/CD workflows.
Through extensive hands-on labs, attendees will implement automated SAST, SCA, SBOM generation, supply-chain signing, DAST automation, and Policy-as-Code enforcement using modern tools such as Semgrep, OWASP ZAP, Nuclei, Open Policy Agent, Cosign, and HashiCorp Vault. The training also explores emerging AI-assisted DevSecOps workflows, including automated triage and intelligent vulnerability analysis.
By the end of the course, participants will have built complete DevSecOps pipelines that integrate security from code to deployment—enabling organizations to scale security without slowing down innovation.
Training Outline
-
Title
DevSecOps Masterclass: AppSec Automation Edition
-
Trainer
Vishnu Prasad(we45)
-
Language
English
-
Date
2026-11-14 9:00 - 18:30
2026-11-15 9:00 - 18:30 -
Venue
Bellesalle Shinjuku Grand Conference Center (5F)
-
Capacity
30(*Minimum students count is 10)
-
Remarks
Include 2day Conference ticket(November 17th to 18th, 2026) for training attendees
Training Application
Training Detail
- Professionals involved in DevSecOps, application security, and cloud-native software development
- Basic understanding of application security concepts (e.g., OWASP Top 10)
What skills will participants learn at your training?
- Hands-On DevSecOps Security Automation: Participants will gain practical experience integrating automated security testing tools directly into CI/CD pipelines, enabling organizations to detect vulnerabilities early and continuously throughout the software delivery lifecycle.
- Securing the Software Supply Chain: Attendees will learn how to implement supply-chain integrity controls such as SBOM generation, artifact signing, and provenance verification using technologies like Cosign and SLSA.
- Automated Security Testing at Scale: Participants will build automated testing workflows using SAST, DAST, and Infrastructure-as-Code security tools to ensure applications, APIs, and infrastructure are continuously validated for security vulnerabilities.
- Policy-Driven Security Enforcement: Through hands-on exercises with Open Policy Agent, attendees will learn how to implement Policy-as-Code frameworks that enforce security controls across APIs, infrastructure, and deployment pipelines.
What students should bring
- Laptop with latest version of browser installed. Laptop should not have any sort of network and firewall restrictions.
What students will be provided with
- All participants will receive access to a cloud-based lab environment with all required tools, including various LLMs and agent frameworks. Just bring a laptop with a web browser – no special hardware or local setup needed.
Vishnu Prasad
ヴィシュヌ・プラサド
Vishnu Prasad is a Principal DevSecOps Solutions Engineer at we45 with over nine years of experience building and securing large-scale application, cloud, and DevSecOps environments for global enterprises.
His work focuses on security automation, CI/CD pipeline security, and integrating security controls across modern software delivery systems. Vishnu has extensive hands-on experience automating SAST, DAST, and SCA workflows and has been instrumental in advancing security orchestration and vulnerability management practices using platforms such as DefectDojo. He has also pioneered approaches to containerizing and operationalizing security automation to enable consistent, scalable deployment across build pipelines.
In recent years, Vishnu's work has expanded into AI and LLM security, where he focuses on attacking and defending AI-driven systems. His expertise includes simulating AI-specific attack vectors, securing AI agent workflows, and implementing defensive controls for LLM-based applications and machine learning pipelines.
Vishnu designs and builds security tooling, conducts in-depth application, cloud, and AI security assessments, and regularly works with development teams to operationalize security at scale.
Vishnu designs and builds security tooling, conducts in-depth application, cloud, and AI security assessments, and regularly works with development teams to operationalize security at scale. He is fluent in Python, Java, and JavaScript and has hands-on experience with modern web and cloud architectures.
He is an experienced trainer and speaker and has delivered hands-on DevSecOps, supply chain security, and AI security trainings at conferences including DEF CON, Black Hat, OWASP, Troopers, and BruCON, as well as in private trainings for global organizations.