Adoption of public cloud services is now more popular than ever. This course will help you understand the common weakness across the three most popular public cloud providers as well as arm you with the skills necessary to audit a cloud environment against industry recognised best practises. This course mixes practical examples of misconfiguration with both
manual and automated audit techniques.
This three-day course is designed to help people who either; work as security professionals and want to understand cloud security protections, misconfigurations and potential weaknesses, or cloud security architects who are responsible for designing secure cloud environments and want the skills necessary to assess their work and identify weaknesses in configurations.
This course will also demonstrate some practical examples of known weaknesses in public cloud and walk through some common weaknesses.
How will I benefit?
This course will enable you to:
•Identify weaknesses in cloud environments
•Help design more secure solutions
•Prevent unauthorised users gaining access to public resources
•Gain the ability to identify weaknesses before they become vulnerabilities
Who should attend?
Anyone with responsibility for, or an interest in, the security of cloud environments, including:
- Cloud architects
- System administrators
- Penetration testers
Select specific date to see price, venue and full details.
Learning Objectives
- The core functions and differences of the top three cloud provider
- Examples and practical demonstrations of “attacks against the cloud”
- Weaknesses and common misconfigurations of cloud services
- Best practices for securing cloud environments
- Practical enumeration of public weaknesses
Pre-Requisites
An understanding of how public cloud works and general web architecture:
- Familiarity with general networking and computing concepts
- Command line and API usage and concepts
An understanding of virtualisation, technologies surrounding shared computing resources and remote access would also be beneficial.
Course Content
1. Introduction
a. Introduction to the platforms
b. Understanding access types and access plains
c. Introduction the to platform CLI’s
d. Installing and configuring the CLI environment
e. Tools and their limitations
2. AWS Specific
a. IAM and User Security
b. Network Security
c. Resource Security
d. Common weaknesses and attacks
e. Case study of AWS weaknesses
3. Azure Specific
a. RBAC
b. Network security
c. Resource security
d. Microsoft specific weaknesses
e. Common attacks and weaknesses
f. Case study of Azure weaknesses
4. Google Cloud Specific
a. Cloud IAM
b. Network security
c. Resource security
d. Google Cloud specific details
e. Case study of GCP weaknesses
Exams & Certification
Those delegates successfully passing the exam at the end of the course will be awarded the Certified Cloud Security Analyst (CCSA) qualification.
Related Courses
- (ISC)2 Certified Cloud Security Manager
- APMG Practitioner Certificate in Cloud Security
- Application Security in the Cloud
- Certificate of Cloud Security Knowledge
- Certified Cloud Security Professional Certification Preparation
- Certified Lead Cloud Security Manager
- Certified Secure Software Lifecycle Professional - Certification Preparation