Cloud Application Security Training in France

An introductory course ideal for developers at all levels. The course is mixture of demonstrations, horror stories and practical work for completion by the trainees.

• Learn how attackers are moving from finding vulnerabilities in your infrastructure to finding vulnerabilities in applications
• Learn reliable and resilient authentication methods in the era of microservices and serverless architectures
• Learn how to mitigate risk through detailed threat modeling at the application layer

Introduction

• Vulnerability landscape for IaaS, SaaS and PaaS
• Current threats

Microservices and Serverless

• Monolith to microservice to serverless
• Removing expensive and redundant servers

Securing infrastructure

• Securing access to your cloud environments including effective use of IAM technologies, certificates and secrets
• Understanding least privileged access in cloud environments
• Effective IAM policies, roles & groups
• Container security
• Defence in depth
• Security by design

Finding vulnerabilities

• Understanding flaws
• Scanning infrastructure
• Automating vulnerability scanning

Logging

• Effective logging techniques
• Retention policies
• How, what and where to log

Tools to help

• Use of technologies to provide oversight to the cloud environment including automating protective actions
• Working with solutions including: AWS Config, Shield and GuardDuty

Authentication & Authorisation

• Exploration of Authentication and Authorisation methods and technologies
• Use of cloud specific systems including: Cognito, OAUTH2 and JWT
• Preventing lateral movement

Threat modelling serverless applications

• Discovering critical paths
• Reducing reliance and increase resilience
• Building Security Redundancy into your architecture
• Importance of Application layer threat modelling
• Discovering and building data flows