Cloud and Web-based Application Security Foundation

SEC-216

As more companies develop their own software on top of cloud services, the importance of embedding security considerations early in the project lifecycle rises. Good security practices can be the difference between a successful project and a grand failure. Integrating good security practices as early as possible can result in better software assurance, resilience and user experience, while neglecting them can lead to various sad endings.

This security workshop was created to provide useful security information for professionals who wish to better understand the challenges facing companies developing their workloads on top of cloud infrastructure. This workshop is for software developers, product managers, architects, operations & DevOps, IT and QA.

Part 1 - Cloud Security | Moshe Ferber

Cloud Security for Developers and Operations 

This part of the workshop is delivered by Moshe Ferber, Cloud Security Evangelist

  • The basics of Cloud security
    − SaaS/PaaS/IaaS – different security considerations
    − The shared responsibility model
    − Understanding cloud threats and attack vectors
  • Infrastructure security – protect your IaaS
    − Architecture and design considerations for security
    − Dashboard protection
    − Monitoring and audit
    − Automation and building environments
  • Data security – protect your data
    − Understanding laws and compliance considerations
    − Different encryption schemes in IaaS/PaaS
    − Other data security tools: DLP/Discovery/Tokenization/Masking/Anonymization

Part 2 - Web Security | Daniel Krivelevich

Web Applications Security

This part of the workshop is delivered by Daniel Krivelevich, Security Specialist @ LivePerson

  • Understanding the attack surface and the attacker’s point of view:
    Prior to diving into the essentials of defending web applications from common attacks, a short intro will be given on the way an attacker approaches a target web application and the techniques he uses to create his attack surface, including:
    − Crawling
    − Fuzzing
    − Google Hacking
    − and more
  • Common attacks / attack vectors – anatomy & mitigation
    − Client side attacks: XSS, CSRF
    − Server side attacks: SQL Injection, Abusing file upload mechanisms
    − Denial of service
    − Bypassing authentication/authorization/session handling mechanisms
    − Information disclosure
    − OWASP top 10
  • Useful tools
    − Burp Suite/ZAP