AppSec Labs to pump yourself up Release v.1.3.0
December 10, 2025 · 405 views

πŸ› πŸ† AppSec Labs to pump yourself up Release v.1.3.0

Greetings,

I have put together some cool AppSec labs for you, including Risk Analysis, GitSCM, Docker and Compose training, several SAST, SCA, DAST and Secret Detection, and a demo stand to get your hands on exploited vulnerabilities. I also prepared various vulnerable applications and made scripts for converting detections from analyzers into .xlsx, .odt and .txt, as well as SBOM, orchestration, CI/CD, UML process diagrams, etc.

Yes, exactly - this is the same practice that I previously wrote about here and I really want to share it with you. Again, you are the very first to see the releases that I test in Baumanka, MIPT and in my practice. Thanks to my students and listeners 😜

I also used mkdocs material to prepare a convenient, adaptive website. I think you will like it: there is user-friendly history, navigation and search for the practical materials.

Intro

This is an application security training repository that contains labs from basic DevOps practices to AppSec. In all labs, starting from lab05, you triage, deal with vulnerabilities and improve yourself.

The course is aimed at engineers who want to learn how to use git, CI/CD, containerization, vulnerability scanners, shells for builds and targeting specific vulnerable applications, as well as related services in real mini-projects.

Structure

- lab01 - familiarization with basic tools and working environment, preparation of a repository and basic automation

- lab02 - lab05 - mini-projects around client-server applications and container infrastructure, setting up CI/CD, working with Docker and Compose

- lab06 - lab08 - container audit practices, SAST/SCA scanning, DAST and report analysis with subsequent aggregation

- lab09 - orchestration and Quality Gate, UML, etc.

- lab10 - project for assessing information security risks, integrating scan results and generating reports

Add-ons

- application - description of commands, packages, software for utilities with links to them

- cheatsheet for Docker, GitHub CLI, GitSCM, .gitignore, .dockerignore

- examples of atypical and trivial information security cases

- description of software licenses

- OWASP TOP 10 with basic materials on it and CI/CD Risks

Overall: you have a great opportunity to start with this or continue to improve yourself. I plan to develop it further, make more complex labs and share practice.

Stay Tuned ;)

#appsec #devsecops #roadmap #specialty #toolchain #techsolution #gost #paper #course #reco #sast #sca #dast #sbom #containersecurity #secrets #riskanalys
