Clientele ➞

Security Testing in AWS Cloud

1 (1)

Duration: 2 Days

Description

Security Testing in AWS Cloud is a hands-on training created to quickly get you up and running with being secure on the AWS cloud infrastructure. You will learn what it really means to be secure while creating, managing and operating your applications in the cloud. While the training content is unique we have included all the relevant best practices as recommended by Amazon etc. The training is going to be a mix of theory and practical labs over a period of 2 days.

Why learn about Security Testing in AWS Cloud?

  • The role of a QA person changes in Cloud infrastructure. AWS manages the underlying infrastructure but you must secure anything you put on the infrastructure. This includes your virtual instances and anything you install on them, any accounts that access your instances, the security group that allows outside access to your instances, the VPC subnet that the instances reside within if you’ve chosen this option, the external access to your S3 buckets, etc.
  • This means that there are several security decisions you need to make and controls you must configure. 
  • This course will be handled by experienced trainers who not only have immense knowledge on the subject but also bring in a lot of valuable and relevant work experience.

Objectives

  • You will be able to secure your cloud infrastructure
  • You will be able to do security testing on your cloud infrastructure
  • You will learn how to objectively evaluate risk and threats that concern your data
  • Learning about security will give you assurance about your cloud infrastructure

Who Should Attend

  • Someone Someone is who is responsible for setting up AWS infrastructure for his/her team/org and worries about how secure it is.
  • QA personnel that are tasked with testing applications hosted on AWS (or any other cloud).
  • Someone who has dabbled with AWS but struggles to validate if their data and servers will be safe against attacks, viruses, etc.
  • Those who want to learn about AWS security in a structured manner so that they can validate their architecture or maybe even aim for compliance.

Prerequisites

  • Understand terms like Cloud, EC2, S3, SSH, RDP and have knowledge of basic networking fundamentals.

Course Outline

Day 1

 

  • Why does Cloud require Security?
    • To protect data
    • To protect applications
    • To protect infrastructure
  • Security in the AWS Cloud/ Infra As A Service
    • Does AWS care about security? In other words how does AWS take care of security
    • Shared sense of security.
      • You take care of application and network security
      • Amazon takes care of infrastructure security.
    • Data Security in transmission
    • Data Security at rest
  • Basics of Infrastructure Security
    • Basics of Firewalls
      • Types of Firewalls
    • File and User Permissions
    • Network Services and Local Services
  • AWS Security Groups
    • Hands on
      • Setting up Security Groups
    • AWS VPC
      • Set up a virtual private cloud and connect it with your internal network using IPSec VPNs
    • Hands On port scanning
      • Scan for open ports.
      • Confirm that Security Groups are working properly
  • Secure Remote Administration of Server
    • Linux (SSH, SCP, SFTP)
    • Windows? (VNC)
    • Hands on
      • Login to a new Linux based EC2 instance.
      • Login to a new Windows based EC2 instance.
  • Access Control for your AWS Management Console
    • AWS Identity and Access Management (IAM)
      • Safeguarding your AWS credentials
      • Best practices for IAM
      • Hands On

 

Day 2

 

  • Securing the Server OS
    • Patching and Upgrading
    • Hardening the Server
    • Hands On
      • Step by step guide to hardening the server and keeping it hardened
  • Securing the Server Software
    • Secure Installations
    • Access Control
    • Authentication and Encryption
    • More about encryption approaches and techniques
  • Maintaining Security
    • Logging
    • Backups
  • Security Testing (Hands On at least 3 hours)
    • Test the security of your instance
      • Create a basic test plan
      • Tools to do network scanning
      • Tools to do application scanning

About The Trainer

Akash Mahajan
Web Security Consultant

 Akash MahajanAkash is “That Web Application Security Guy”. A Certified Ethical Hacker with more than 8 years of experience in Application and Network Security. Before becoming an expert security consultant he was a technical lead for one of the leading American commercial security software companies specializing in end point security.

Along with his day job Akash is heavily involved in the wider global security community, ranging from his work with OWASP, to being one of the founders of null The Open Security Group, India’s foremost non-profit computer security organisations.

Akash is currently the OWASP Bangalore chapter lead and also the Community Manager for null.

View Linkedin Profile

Other Details

Questions?

For latest batch dates, fees, location, technical queries and general inquiries, contact our sales team at: +91 8880002200 or email at sales@cloudthat.in

Upcoming Batches

TBA
Fill out my online form.
Recently Viewed Courses.
  • Security Testing in AWS Cloud

  • Favorite Courses
    No Favourites added yet.

    Our Partners