Learn how to protect your Cloud Applications from common vulnerabilities and attacks
This course provides delegates with a practical understanding of securing software deployed into cloud environments including understanding of the issues and opportunities presented by serverless solutions.
In this new world attackers have moved with the times, shifting focus more than ever on finding vulnerabilities in your applications and cloud implementations rather than vulnerabilities in your infrastructure.
The course builds on our Internet Security course, but is designed for anyone building applications natively for the cloud (developers, architects, DevOps and DevSecOps).
- Learn how attackers are moving from finding vulnerabilities in your infrastructure to finding vulnerabilities in applications
- Learn reliable and resilient authentication methods in the era of microservices and serverless architectures
- Learn how to mitigate risk through detailed threat modeling at the application layer
- Vulnerability landscape for IaaS, SaaS and PaaS
- Current threats
Microservices and Serverless
- Monolith to microservice to serverless
- Removing expensive and redundant servers
- Securing access to your cloud environments including effective use of IAM technologies, certificates and secrets
- Understanding least privileged access in cloud environments
- Effective IAM policies, roles & groups
- Container security
- Defence in depth
- Security by design
- Understanding flaws
- Scanning infrastructure
- Automating vulnerability scanning
- Effective logging techniques
- Retention policies
- How, what and where to log
Tools to help
- Use of technologies to provide oversight to the cloud environment including automating protective actions
- Working with solutions including: AWS Config, Shield and GuardDuty
Authentication & Authorisation
- Exploration of Authentication and Authorisation methods and technologies
- Use of cloud specific systems including: Cognito, OAUTH2 and JWT
- Preventing lateral movement
Threat modelling serverless applications
- Discovering critical paths
- Reducing reliance and increase resilience
- Building Security Redundancy into your architecture
- Importance of Application layer threat modelling
- Discovering and building data flows
RequirementsAn introductory course ideal for developers at all levels. The course is mixture of demonstrations, horror stories and practical work for completion by the trainees.
''Great course, great materials, good exercises. Simon is a really great teacher have picked up some helpful hints on what to look out for. The threat modelling exercise was worthwhile. I think all employees should do this course.''
''This was a very detailed and interesting course that has covered number of topics which were interactive and easy to fallow. Simon was a great teacher who has explained everything really well and was very approachable. Thank you for your time and effort.''
''Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.''