AWS is extensively used by organizations, large and small. The breadth of service offerings within AWS is staggering. From Serverless to IaaS Services, AWS has comprehensive solutions that can power any organization. However, security on AWS is often treated much like enterprise security. Organizations look to apply the same perimeter-protection templates to their AWS environments as they would to colocated or private cloud environments. This is not a scalable or effective strategy.
This training will outline manual and automated approaches to deploying and provisioning resources on AWS in a secure manner. Attendees can also expect to learn how to identify vulnerabilities in AWS environments using powerful tools like CS-Suite, prowler and lynis. Finally, the class will conclude with participants building out a secure AWS deployment (with example applications, database environments and so on) as a practical exercise to help internalize theoretical concepts.
What are the major concepts covered in this training?
The training covers a host of different concepts, including an introduction to AWS, typical vulnerabilities in cloud deployments, AWS security features like IAM, securing containerised AWS environments, AWS Lambda, and continuous delivery with AWS.
Are there any practical sessions in this course or is it mostly theoretical?
This training includes a healthy mix of both theoretical and practical sessions. New concepts introduced in the class are discussed in great detail and are then followed by real-world case studies and hands-on exercises.
Is this training more developer focused or is it security oriented?
The course is beneficial to both development and security teams, as both offensive and defensive security considerations are covered in this training.
Understand how an unclaimed Amazon Web Services S3 bucket can escalate to a sub-domain takeover, along with the corresponding mitigation strategies and best practices.
Amazon Inspector is a Vulnerability Scanning Service from Amazon that works in an “agent-based” mode against specific Operating Systems on EC2. More on its usage here.
If you are working with AWS Lambda (Serverless), chances are that you would be working with AWS’s NoSQL Database, DynamoDB. Learn about an attack scenario specific to DynamoDB.