RebelCon Workshop: Cloud Application Security
Training provider: Simon Whittaker, Vertical Structure
Date: Wednesday 19th June 2019; 9:30am to 5:00pm
Venue: Clayton Hotel, Lapps Quay, Cork
Price: €199 + VAT = €244
To learn more about the workshop and to purchase your ticket go to the Rebelcon website www.rebelcon.io
This workshop provides delegates with a practical understanding of securing software deployed into cloud environments including understanding of the issues and opportunities presented by serverless solutions.
In this new world attackers have moved with the times, shifting focus more than ever on finding vulnerabilities in your applications and cloud implementations rather than vulnerabilities in your infrastructure.
The course builds on our previous Internet Security course, but is designed for anyone building applications natively for the cloud (developers, architects, DevOps and DevSecOps).
Summary of course content
- Vulnerability landscape for IaaS, SaaS and PaaS
- Current threats
Microservices and Serverless
- Monolith to microservice to serverless
- Removing expensive and redundant servers
- Securing access to your cloud environments including effective use of IAM technologies, certificates and secrets
- Understanding least privileged access in cloud environments
- Effective IAM policies, roles & groups
- Container security
- Defence in depth
- Security by design
- Understanding flaws
- Scanning infrastructure
- Automating vulnerability scanning
- Effective logging techniques
- Retention policies
- How, what and where to log
Tools to help
- Use of technologies to provide oversight to the cloud environment including automating protective actions
- Working with solutions including: AWS Config, Shield and GuardDuty
Authentication & Authorisation
- Exploration of Authentication and Authorisation methods and technologies
- Use of cloud specific systems including: Cognito, OAUTH2 and JWT
- Preventing lateral movement
Threat modelling serverless applications
- Discovering critical paths
- Reducing reliance and increase resilience
- Building Security Redundancy into your architecture
- Importance of Application layer threat modelling
- Discovering and building data flows
An introductory course ideal for developers at all levels.
The workshop is a mixture of demonstrations, horror stories and practical work for completion by the trainees.
Simon is Cyber Security Director at Vertical Structure, an established company providing cyber security related services and training. The majority of his work involves consulting with companies to perform security and penetration testing and helping improve processes and procedures.
He also runs training events to help developers improve their secure coding practices, especially in Cloud applications.
All of Simon’s work is based around the principles of Prepare, Protect, Persist® – whereby clients are prepared to encounter security threats through training, protected through identifying / resolving issues and persisting the resilience through certification and ongoing consulting.