Description
Price: 19.00 USD | Size: 4.06 GB | Duration: 18.55 Hours | 108 Video Lessons
BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD | 4.9
Applications are vital components of an enterprise. Application security is therefore an integral part of securing the enterprise network, helping protect against vulnerabilities and various threats. Currently, most enterprises are leveraging cloud services to deploy and host their applications, so it is equally important to secure those applications. The attack surface for applications deployed or hosted in the cloud changes drastically and varies between cloud service providers.
Azure is a cloud service provider that offers multiple cloud services that are very popular in enterprise environments. In this course, we will explore and learn about various enterprise application services offered by Azure like App Service, Function Apps, Enterprise Applications, API Management, Cosmos DB, SQL Server etc.
This hands-on class covers abusing application flaws/misconfiguration, features, and interoperability to compromise an enterprise-like live lab environment. Each student gets a dedicated lab! As a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks.
Are you an Application Security professional, Developer, or Cloud Security professional who wants to level up your skills in securing and assessing modern applications hosted in Azure? Then this course has something for everyone to learn and improve by practicing in the lab environment. The course will focus on methodology and techniques through instructor demos, exercises, and hands-on labs.
What’s Included
- Access to two lab environments (One/Two/Three months) with a live Azure environment. Labs can be accessed using a web browser or VPN. One of the labs is a dedicated lab with focused challenges. The second lab is a shared enterprise-like environment.
- 17+ hours of video course
- Course slides
- Lab manual
- Walk-through videos
- One Certification Exam attempt
What will you Learn?
The Azure Application Security course will enable you to:
- Improve your skills by exploiting vulnerabilities like RCE, Blind RCE, SSTI, LFI and many more in modern web applications hosted in our live Azure lab.
- Learn to bypass defenses like Conditional Access by abusing MS Graph API and evading Azure WAF.
- Understand and abuse App Registrations & Enterprise Apps in a live Azure lab.
- Execute attacks against modern cloud native database services like Cosmos DB.
- Learn about the various Authentication & Authorization methods and Access Control methods supported by Azure and its services.
- Practice and execute attacks against services used to develop and deploy applications in Azure.
- Understand how applications are deployed using the App Service and Function Apps services offered by Azure, and explore the supported configuration options.
- Execute attacks against misconfigured services.
- Execute attacks against services that store sensitive information or data in the cloud. Understand how to manage access to those services and explore ways to gain access to that data.
- Learn and explore services like Azure WAF, Conditional Access, MDCA, CASB, MDC that help the enterprise protect against attacks on Identities, Applications, Azure tenants, etc.
CAWASP – Attack Lab-Walkthrough Videos
Learning Objective 01
Learning Objective 04
Learning Objective 09
Learning Objective 10
Learning Objective 11
Learning Objective 12
Learning Objective 19
Learning Objective 20
Learning Objective 26
Learning Objective 27
Learning Objective 28
Learning Objective 29
CAWASP – Course Materials (PDFs)
Azure Application Security
Connecting To Lab
LabManual
CAWASP – Course Videos
01 – Course Introduction
02 – Azure Introduction
03 – Service Models
04 – Azure Architecture
05 – Azure Active Directory
06 – Tools
07 – Recon
08 – Enumeration
09 – Azure RBAC
10 – Azure ABAC
11 – Type of Roles
12 – About Application Services
13 – App Service
14 – Deploying App Service using VSCode
15 – Learning Objective 01
16 – Extract Information from App Service
17 – Learning Objective 02
18 – Learning Objective 03
19 – Learning Objective 04
20 – Learning Objective 05
21 – Learning Objective 06
22 – REST API In Azure
23 – Authentication and Authorization
24 – Authentication Demos
25 – About Tokens
26 – Managed Identities
27 – Learning Objective 07
28 – Learning Objective 08
29 – Learning Objective 09
30 – About Web Application Firewall
31 – Azure Application Gateway
32 – Azure Front Door
33 – Azure CDN
34 – WAF Bypass
35 – Learning Objective 10
36 – Bypass WAF configured using Application Gateway
37 – App Registrations
38 – App Registrations – Credentials
39 – App Registrations – Certificates Demo
40 – App Registrations – Client Secrets Demo
41 – App Registrations – Federated Identity Credentials
42 – Learning Objective 11
43 – Enterprise Applications
44 – Enterprise Applications – Consent and Permissions
45 – Illicit Consent Grant Attack Demo
46 – Family of Client IDs
47 – Microsoft Graph
48 – Microsoft Graph API Permissions
49 – Privilege Escalation to Global Admin Demo
50 – Conditional Access Policy
51 – Modify Conditional Access Policy
52 – Learning Objective 12
53 – Function App
54 – Learning Objective 13
55 – Key Vault
56 – Learning Objective 14
57 – Learning Objective 15
58 – Learning Objective 16
59 – Learning Objective 17
60 – Learning Objective 18
61 – Learning Objective 19
62 – Learning Objective 20
63 – Azure Storage
64 – Azure Storage Portal Overview
65 – Learning Objective 21
66 – Learning Objective 22
67 – Learning Objective 23
68 – Learning Objective 24
69 – Learning Objective 25
70 – Learning Objective 26
71 – Learning Objective 27
72 – About Databases
73 – Cosmos DB
74 – Azure SQL
75 – PostgreSQL
76 – MySQL
77 – Learning Objective 28
78 – Learning Objective 29
79 – Application Proxy
80 – Azure API Management
81 – Azure API Management Portal Overview
82 – Azure API Management Demo
83 – Microsoft Defender for Cloud Apps
84 – Microsoft Defender for Cloud
85 – Defense
CAWASP – Demos Videos
Demo_01_AppService_Deployment_VSCode
Demo_02_Implicit_Sign_In_Authentication_Flow
Demo_03_Client_Credentials_Sign_In_Authentication_Flow
Demo_04_Device_Code_Sign_In_Authentication_Flow
Demo_05_Resource_Owner_Credentials_Sign_In_Authentication_Flow
Demo_06_App_Registration_Certificate
Demo_07_App_Registration_Client_Secrets
Demo_08_Illicit_Consent_Grant_Attack
Demo_09_Graph_API_Abuse_To_GA
Demo_10_Graph_API_Abuse_Condition_Access_Policy
Demo_11_API_Management
CAWASP – Diagrams
Kill Chain
CAWASP – PowerShell scripts & code snippets
Abuse App Role Assignment Permission
Abuse Conditional Access Policy Permission
Certificate Based Login Demo
Client Credentials
Device Code leveraging Office App
Reference Commands
Resource Owner Password Credentials
Illicit Consent Grant Attack FunctionAPP Code
CAWASP – Tools
Tools
studentx