Cloud Application Security, Republic of the Philippines

We can host this training at your preferred location. Contact us!

This course provides delegates with a practical understanding of securing software deployed into cloud environments including understanding of the issues and opportunities presented by serverless solutions.

In this new world attackers have moved with the times, shifting focus more than ever on finding vulnerabilities in your applications and cloud implementations rather than vulnerabilities in your infrastructure.

The course builds on our Internet Security course, but is designed for anyone building applications natively for the cloud (developers, architects, DevOps and DevSecOps).

About The Trainer

Simon Whittaker has been providing security services & training to both local organisations and some of the world’s largest companies for over 10 years.

Simon’s background in both development & System/Network Administration provides a great view on how best to compromise and secure required services & applications while also ensuring that training courses, content & practicals can be aimed at the right audiences.

Most of Simon’s work involves working with companies to test and improve secure coding practices, penetration & security testing and providing security consultancy to companies that are keen to improve their processes & procedures.

Simon also has great experience in developing & implementing efficient and effective practices across departments to assist with securing and retaining external quality recognition such as ISO27001.

An introductory course ideal for developers at all levels. The course is mixture of demonstrations, horror stories and practical work for completion by the trainees.

Learn how attackers are moving from finding vulnerabilities in your infrastructure to finding vulnerabilities in applications
Learn reliable and resilient authentication methods in the era of microservices and serverless architectures
Learn how to mitigate risk through detailed threat modeling at the application layer

Introduction

Vulnerability landscape for IaaS, SaaS and PaaS
Current threats

Microservices and Serverless

Monolith to microservice to serverless
Removing expensive and redundant servers

Securing infrastructure

Securing access to your cloud environments including effective use of IAM technologies, certificates and secrets
Understanding least privileged access in cloud environments
Effective IAM policies, roles & groups
Container security
Defence in depth
Security by design

Finding vulnerabilities

Understanding flaws
Scanning infrastructure
Automating vulnerability scanning

Logging

Effective logging techniques
Retention policies
How, what and where to log

Tools to help

Use of technologies to provide oversight to the cloud environment including automating protective actions
Working with solutions including: AWS Config, Shield and GuardDuty

Authentication & Authorisation

Exploration of Authentication and Authorisation methods and technologies
Use of cloud specific systems including: Cognito, OAUTH2 and JWT
Preventing lateral movement

Threat modelling serverless applications

Discovering critical paths
Reducing reliance and increase resilience
Building Security Redundancy into your architecture
Importance of Application layer threat modelling
Discovering and building data flows

Upcoming Trainings

Join our public courses in our Republic of the Philippines facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

Classroom / Virtual Classroom

05 July 2024