Hacker Summer Camp Special: Get 40% OFF with code HACKERCAMP40. Limited time only!
X
X
X

Live Online

4
Live sessions
3
Hours per Session
52
Weeks access
13
Lab Exercises

AppSecEngineer™ Certified Supply Chain Security Engineer

2 Certification Exam Attempts
All Recordings of Live sessions
Unlimited access to all 2000+ labs and 500+ courses on AppSecEngineer platform for 1 year
Ideal for
Security Engineer
Developer
DevOps
Cloud Engineer
Cloud Security Professionals
Sign up now
Coming Soon
Sign up now

Before this bootcamp

  • Limited understanding of supply chain risks
    You may have heard of SolarWinds or Log4j, but don’t fully understand how supply chain attacks unfold.
  • CI/CD pipelines feel like a black box
    You use Jenkins or GitHub Actions, but don’t know where the real vulnerabilities lie.
  • Cloud and container risks are unclear
    Misconfigurations and registry poisoning risks often go undetected in your workflows.
  • LLM and AI pipeline threats are confusing
    You're unsure how attackers can exploit modern AI agents or Model Context Protocols (MCPs).

    • After this bootcamp

  • Trace real-world attack paths
    You’ll recognize how attackers compromise packages, pipelines, and registries step-by-step.
  • Exploit and defend CI/CD systems
    You'll know how poisoned pipeline execution works—and how to stop it.
  • Analyze and secure container workflows
    You'll spot malicious base images, tampered layers, and vulnerable container supply chains.
  • Understand cloud-native attack vectors
    You'll gain hands-on practice with threats targeting AWS Lambda layers and IAM misuses.
  • Mitigate LLM/MCP supply chain abuse
    You’ll detect model poisoning, tool shadowing, and excessive agent permissions.
  • Apply hands-on labs learning to real-world scenarios
    With practical labs on GitHub, GitLab, and cloud setups, you’ll leave with applied skills, not just theory.

    • Know your Trainer

    Abhishek P Dharani

    Hey, I’m Abhishek P Dharani, Senior Security Engineer at we45, self-taught cyber ninja, and professional breaker of things (don’t worry, I put them back together… usually). If there’s a vulnerability lurking in an app, I’ll find it faster than you can say “Oops, we left that API exposed.” I thrive on chaining bugs, finding quirky exploits, and making security engineers everywhere nervous (in a good way, I promise). Offensive security? I love it. Defensive security? Also love it. Automating my way out of doing boring stuff? Absolutely. When I’m not hacking away at cloud applications, you’ll find me smashing shuttlecocks in badminton, scoring runs in cricket, or attempting to bowl a perfect strike (keyword: attempting). I also love bug bounty hunting, trekking into the wild, and gaming—because breaking things virtually is just as fun as breaking them in real life. Oh, and I have a soft spot for cats and techno music—so if you ever need security advice set to a killer beat, I’m your guy.
    Learn more about this trainer ➜

    Trained at

    Day 1

    September 5, 2025

    History, Frameworks, and Initial Supply Chain Vulnerabilities

    3 hour live online session

    Main Takeaways
    1. Understand how major real-world supply chain attacks (e.g., SolarWinds, Codecov) were carried out.
    2. Learn the phases of a software supply chain and where attackers insert malicious code.
    3. Explore the MITRE ATT&CK framework specific to supply chain tactics.
    4. Identify risks in developer tools, version control, and package manager ecosystems.

    Skills Gained
  • Spot vulnerabilities in pre-commit hooks, dependency confusion, and typosquatting.
  • Analyze risks in package managers like npm, pip, and Maven.
  • Map early-stage attack surfaces across repo, IDE, and build tools.
  • Build a foundational threat model of your development workflow.

    • Day 2

    September 12, 2025

    Exploiting Continuous Integration/Deployment Pipelines

    3 hour live online session

    Main Takeaways
  • Discover how attackers exploit Jenkins, GitHub Actions, and GitLab pipelines.
  • Understand poisoned pipeline execution and lateral movement in CI environments.
  • Learn how poor secret hygiene leads to privilege escalation.
  • Study common misconfigurations that leak access tokens and sensitive artifacts.

    • Skills Gained
  • Exploit insecure runners, workflows, and unscoped tokens in CI/CD platforms.
  • Identify unsafe secrets storage and poor permission setups.
  • Trace artifact tampering and pipeline compromise chains.
  • Harden your CI/CD pipeline by applying secure design patterns.

    • Day 3

    September 19, 2025

    Cloud and Containerized Environment Supply Chain Exploits

    3 hour live online session

    Main Takeaways
  • Explore cloud-native supply chain risks in AWS and serverless environments.
  • Learn how malicious container images infect the deployment pipeline.
  • Understand attacks through base image layering, registry poisoning, and image pull trust.
  • Discover how attackers leverage misconfigured roles, policies, and IAM boundaries.

    • Skills Gained
  • Detect compromised Lambda layers and unsafe AMIs in cloud setups.
  • Analyze Dockerfiles, image manifests, and container behavior for threats.
  • Secure image registries, enforce signature verification, and use trusted base images.
  • Apply cloud security posture management (CSPM) concepts to your pipeline.

    • Day 4

    September 26, 2025

    Advanced Attacks on AI Agents and Model Context Protocols

    3 hour live online session

    Main Takeaways
  • Learn about model and data poisoning in AI/ML pipelines.
  • Understand how excessive tool permissions in AI agents create hidden risks.
  • Explore MCP-specific attacks like Tool Shadowing and Tool Poisoning.
  • See how GenAI workflows create new software supply chain dependencies.

    • Skills Gained
  • Identify insecure LLM agent behaviors and API over-permissions.
  • Test model poisoning through manipulated training data or prompts.
  • Detect and exploit MCP misconfigurations and agent-tool vulnerabilities.
  • Build guardrails for secure AI pipeline operations and tool execution flows.

    • Technical Prerequisites

    • A laptop with a stable internet connection.
    • GitHub Account (throwaway recommended).
    • GitLab Account (throwaway recommended, with credit card for CI/CD time, but minimal charges expected).
    • Access tokens for GitHub and GitLab services.
    • Basic understanding of LLM’s , MCP’s

    Everything that comes with your bootcamp seat

    AppSecEngineer Pro Plus Plan
    Free access to the full Pro Plus AppSecEngineer subscription: for a whole year: courses, learning paths, challenges, and all cloud sandboxes included.
    GenAI sandbox access
    Get hands-on with LLMs in our secure AI playground. No ChatGPT+ account needed.
    Certificate & CPE credits
    Finish the bootcamp and earn a certificate you can use for career bragging rights and ISC2 CPE credits (1 credit per hour of training).
    Live bootcamp access
    Join live virtual sessions led by trainers who’ve seen real-world incidents and built secure systems. Ask questions, solve problems, and stay sharp.
    One-year replay access
    Can’t make it live? No stress. You’ll get full access to the session recordings and labs for one year.
    Private support channel
    Join your own Discord channel with the trainer and bootcamp peers. Ask questions and get answers for 60 days after your bootcamp begins.

    Sign up. Show up. Skill up.

    AppSecEngineer™ Certified Supply Chain Security Engineer
    $1299
    Sign up now

    This is the only bootcamp where I actually exploited a poisoned pipeline in GitHub Actions. Game-changing stuff.

    Ibrahim Qureshi, DevOps Engineer

    I never thought I'd need to understand model poisoning. The LLM and MCP attack labs were way ahead of the curve.

    Elena Marquez, Security Engineer

    The CI/CD attack modules were eye-opening. I’ve already fixed several issues in our Jenkins setup since finishing the course.

    Ravi Narayan, Cloud Security Specialist

    In just four (sessions) I learned how attackers move through code repos, containers, and the cloud. The labs made it stick.

    Kim Tran, Application Developer

    This (course) made me rethink how I treat open source dependencies and Docker images. Every dev and engineer should take it.

    Liam Peterson, DevOps Engineer

    The section on AI/ML supply chain threats was worth the entire bootcamp. Nobody else is teaching this stuff.

    Maya L. Iyer, Security Engineer

    FAQs

    Do I get a certificate?
    Can I use the certificate for CPE credits?
    What if I miss a session?
    Is this beginner-friendly?
    What if I have a question?
    Do I need to install anything?
    Is this just another webinar?

    Can't attend this bootcamp?

    Get informed about future bootcamps!
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.

    Ready to Elevate Your Security Training?

    Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
    Get Our Newsletter
    Get Started
    X
    X
    About Us
    Privacy Policy


    United States    11166 Fairfax Boulevard, 500, Fairfax, VA 22030

    APAC
    68 Circular Road, #02-01, 049422, Singapore


    For Support write to help@appsecengineer.com

    FOLLOW APPSECENGINEER
    SOC2 Type2 Compliant
    4.3
    Copyright AppSecEngineer © 2025