Testing & Securing Cloud Infrastructure 

Workshop Duration: 2 days
Date: 4 & 5th June,2015

Price: INR 25,000

Description:

Cloud computing has taken over the world and completely transformed how web and mobile applications are written. The combined benefits of no cost upfront and not having to worry about clean power, data centre management and how much to provision are extremely powerful. These allow for an agile, automated and modular service model and this is attractive to all kinds of business users.

In this training we will look at a specific subset of cloud service models known as Infrastructure As A Service (IAAS) and only cover public deployments of these. The training is for professionals with knowledge of running IAAS based Public Cloud instances. After this training trainee will have a clear idea on how to secure their Cloud Infrastructure and test the same for different kinds of Network and Application security. We will restrict our hands-on to AWS, GCE and Azure for the training.

Workshop Agenda:

Day 1 :

• Why does Cloud require Security?
  • To protect data
  • To protect applications
  • o To protect infrastructure
• Launch Cloud Instances (Hands-On)
• Security concerns in the Cloud (Infrastructure As A Service)
  • Does IAAS Cloud Vendor care about security?
  • Shared sense of security.
• You take care of application and network security
• IAAS Cloud Vendor takes care of infrastructure security.
  • Data Security in transmission
  • Data Security at rest
• Infrastructure Security For Cloud Instances (Hands-On)
  • Basics of Firewalls
  • Network Services and Local Services
  • AWS Security Groups
  • Firewalls vs AWS Security Groups
  • Setting up Security Groups (Hands-On)
  • AWS VPC
  • Scan for open ports.
• Secure Remote Administration of Servers (Hands-On)
• Access Control for your Cloud Management Console
  • AWS Identity and Access Management (IAM)

Day 2 :

• Securing the Server OS
  • Patching and Upgrading
  • Hardening the Server
  • Hands On

• Securing the Server Software
  • Secure Installations
  • Access Control
  • Authentication and Encryption
  • More about encryption approaches and techniques
• Maintaining Security
  • Logging
  • Backups
• Security Testing
  • Test the security of your instance
• Step by step guide to hardening the server and keeping it hardened
• Create a basic test plan
• Tools to do network scanning
• Tools to do application scanning
  • Executing Security for our infrastructure (Hands-On)
• Testing Security Groups
• Testing access and authorisation for AWS IAM
• Testing Network Security of the perimeter
• Testing Application Security
  • Setting up Encryption (Hands-On)
• Block Level
• File level

Candidate Requirements:

1. Have basic knowledge of networking fundamentals.

2. Have the ability to understand commands and scripts in a terminal.

3. You have successfully launched an AWS EC2 instance on your own.

4. A thorough understanding of how basic AWS services work.

5. Understand terms like Cloud, EC2, APIs, S3, SSH, RDP.

You Need To Bring:

• A laptop with internet access enabled. Please bring a dongle as there may not be stable internet at the venue.
• Your laptop needs to have adminitrator/root permission
• A modern browser like Chrome or Firefox
• A text editor like Sublime/Notepad++

Eligible Candidates(Who should attend):

• If you are someone who is responsible for setting up cloud infrastructure for your team or company and worried about security
• If you are in the QA team planning to test applications hosted in the cloud?
• If you are someone who has dabbled with cloud but always had your doubts if the server you just setup was safe against attacks and malware
• If you are someone who has a basic idea on how to secure all of this, but would love to learn this in a structured manner

Set Expectations:

• Interactive Hands-on Session

Takeaway

• Complete hands-on lab guide in PDF format
• All the software that we will be using
• A handy security checklist for quick wins in Cloud Security

Benefits of Attending

• Step by step guide to securing your AWS Cloud Infrastructure.
• Verify and validate security by conducting Security Testing of your own Cloud Infrastructure.
• Objectively evaluate security risks and make sane choices about where to focus your security efforts on.
• Basic idea about doing application and network security testing of your applications on the cloud

Trainer: Akash Mahajan

Akash is “That Web Application Security Guy”. He has more than 10 years of experience in Application & Network Security. Before starting his own company he was a technical lead for one of the leading American company in specialising in security software. He started in security working on web infrastructure for the government of India. Akash is the founder and community Manager at null – The Open Security Group and Chapter Lead at OWASP Bangalore while founding The AppSec Lab a company focussed on Application Security.

He used to be actively involved with the Bangalore Barcamp Planners group, has done events like AppJam and MobileCamps all over India where he evangelized security to Small and Medium Enterprises.

Publications-

• Is your website insecure? – Published in Healthy Code April 2014 issue
• Guidelines for Digital Promotions – Published - The Institute of Promotional Marketing Sep 2011

Checkout other training

>> Cyber Forensics & Incident Response Training: Click Here

>> Network Forensic & Practical Packet Analysis: Click Here

>> Application Security Testing & Web Hacking: Click Here

>>Reverse Engineering & Malware Analysis: Click Here

>>Advanced Android & iOS Hands-on Exploitation - Click here

>> Decision Summit & Top 100 CISO Awards: Click Here