Cloud Application Security Eğitimi

An introductory course ideal for developers at all levels. The course is mixture of demonstrations, horror stories and practical work for completion by the trainees.

• Learn how attackers are moving from finding vulnerabilities in your infrastructure to finding vulnerabilities in applications
• Learn reliable and resilient authentication methods in the era of microservices and serverless architectures
• Learn how to mitigate risk through detailed threat modeling at the application layer

Introduction

• Vulnerability landscape for IaaS, SaaS and PaaS
• Current threats

Microservices and Serverless

• Monolith to microservice to serverless
• Removing expensive and redundant servers

Securing infrastructure

• Securing access to your cloud environments including effective use of IAM technologies, certificates and secrets
• Understanding least privileged access in cloud environments
• Effective IAM policies, roles & groups
• Container security
• Defence in depth
• Security by design

Finding vulnerabilities

• Understanding flaws
• Scanning infrastructure
• Automating vulnerability scanning

Logging

• Effective logging techniques
• Retention policies
• How, what and where to log

Tools to help

• Use of technologies to provide oversight to the cloud environment including automating protective actions
• Working with solutions including: AWS Config, Shield and GuardDuty

Authentication & Authorisation

• Exploration of Authentication and Authorisation methods and technologies
• Use of cloud specific systems including: Cognito, OAUTH2 and JWT
• Preventing lateral movement

Threat modelling serverless applications

• Discovering critical paths
• Reducing reliance and increase resilience
• Building Security Redundancy into your architecture
• Importance of Application layer threat modelling
• Discovering and building data flows