SEC540: SANS India Cloud Security 2022

Provided by

Enquire about this course

What You Will Learn

The Cloud Moves Fast. Automate to Keep Up.

Organizations are moving to the cloud to enable digital transformation and reap the benefits of cloud computing. However, security teams struggle to understand the DevOps toolchain and how to introduce security controls in their automated pipelines responsible for delivering changes to cloud-based systems. Without effective pipeline security controls, security teams lose visibility into the changes released into production environments. Upfront peer code reviews and security approvals may not occur for change approval and audit requirements. Missing infrastructure and application scanning can allow attackers to find an entry point and compromise the system. Cloud security misconfigurations may publicly expose sensitive data or introduce new data exfiltration paths.

Security teams can help organizations prevent these issues using DevOps tooling and cloud-first best practices. SEC540 provides development, operations, and security professionals with a deep understanding of and hands-on experience with the DevOps methodology used to build and deliver cloud infrastructure and software. Students learn how to attack and then harden the entire DevOps workflow, from version control to continuous integration and running cloud workloads. Each step of the way, students explore the security controls, configuration, and tools required to improve the reliability, integrity, and security of on-premise and cloud-hosted systems.

SEC540 goes well beyond traditional lectures and immerses students in hands-on application of techniques during each section of the course. Each lab includes a step-by-step guide to learning and applying hands-on techniques, as well as a "no hints" approach for students who want to stretch their skills and see how far they can get without following the guide. This allows students, regardless of background, to choose the level of difficulty they feel is best suited for them- aalways with a frustration-free fallback path.

SEC540 also offers students an opportunity to participate in CloudWars Bonus Challenges each day, providing more hands-on experience with the cloud and DevSecOps toolchain.

SEC540 Will Prepare You To:

Understand the Core Principles and Patterns behind DevOps
  • Recognize how DevOps works and identify keys to success
Understand the DevSecOps Methodology and Workflow
  • Threat model and secure your build and deployment environment
  • Secure DevOps tools and workflows
  • Conduct effective risk assessments and threat modeling in a rapidly changing environment
  • Design and write automated security tests and checks in CI/CD
  • Understand the strengths and weaknesses of different automated testing approaches in Continuous Delivery
  • Inventory and patch your software dependencies
Integrate Security into Production Operations
  • Automate configuration management using Infrastructure as Code
  • Secure container technologies (such as Docker and Kubernetes)
  • Build continuous monitoring feedback loops from production to engineering
  • Securely manage secrets for Continuous Integration servers and applications
  • Automate compliance and security policy scanning
Move Your DevOps Workloads to the Cloud
  • Understand how to automate cloud architecture components
  • Use CloudFormation and Terraform to create Infrastructure as Code
  • Build CI/CD pipelines using Jenkins, CodePipeline, and Azure DevOps
  • Wire security scanning into Jenkins, CodePipeline, and Azure DevOps workflows
  • Containerize applications with Elastic Container Service and Azure Kubernetes Service
  • Integrate cloud logging and metrics with CloudWatch
  • Create Slack alerts from CloudWatch metrics
  • Manage secrets with Vault, KMS, and the SSM Parameter store
Consume Cloud Services to Secure Cloud Applications
  • Protect static content with CloudFront Signatures
  • Leverage Elastic Container Service for blue/green deployments
  • Secure REST APIs with API Gateway
  • Implement an API Gateway custom authorization Lambda function
  • Deploy the AWS Web Application Firewall and build custom WAF rules
  • Perform continuous compliance scans with CloudMapper
  • Enforce cloud configuration policies with Cloud Custodian
  • Please plan to arrive 30 minutes early before your first session for lab preparation and set-up (though obtaining your cloud account(s) should happen PRIOR TO this.) During this time, students can confirm that their cloud accounts are properly set up, ensure laptops have virtualization enabled, copy the lab files, and start the Linux virtual machine. For live classes (online or in-person), the instructor will be available to assist students with laptop prep and set-up 30 minutes prior to the course start time. The lecture will begin at the scheduled course start time.
  • Similar to providing hardware and software, students are required to provide their own AWS and Azure cloud environments. Your ability to execute the hands-on exercises will be delayed if you wait to set up the AWS account during a live class. Review the Laptop Requirements below for details.

    The SEC540 lab environment simulates a real-world DevOps environment, with more than 10 automated pipelines responsible for building cloud infrastructure, automating gold image creation, orchestrating containerized workloads, executing security scanning, and enforcing compliance standards. Students are challenged to sharpen their technical skills and automate more than 20 security-focused challenges using a variety of command line tools, programming languages, and markup templates. For advanced students, 2 hours of CloudWars bonus labs are available during extended hours each day. The labs include:
    • Attacking The DevOps Toolchain
    • Version Control Security
    • Automating Static Analysis
    • Protecting Secrets With Vault
    • Infrastructure as Code Network Hardening
    • Gold Image Creation
    • Docker Security Hardening
    • Automating Dynamic Analysis
    • Cloud Workload Security Review
    • Cloud Hosted CI/CD Guardrails
    • Continuous Security Monitoring
    • Data Protection Services
    • Automated Patch Deployment
    • Content Protection with CloudFront
    • API Gateway Security
    • Serverless Security
    • Blocking with WAF
    • Continuous Audit with CloudMapper
    • Automated Remediation with Cloud Custodian
    • Environment Tear Down
    • Coud & DevSecOps Bonus Challenges
    • CloudWars Bonus Challenges
    "During the labs, I learned how to automagically do all the things that I have been manually doing at the command line for years now." Brian Esperanza, Terradata

    • Printed and electronic courseware
    • ISO containing the course Virtual Machine (VM)
    • Course VM containing a pre-built DevOps CI/CD toolchain, Cloud Security, and Secure DevOps lab exercises
    • CloudFormation and Terraform code to deploy AWS and Azure infrastructure
    • A VM-hosted wiki and an electronic lab workbook for completing the lab exercises
    • Ability to use the Infrastructure as Code (IaC) and course VM indefinitely to continue your learning after the course ends

    Blog: What's New in SEC540: Cloud Security and DevSecOps Automation

    Posters, Cheat Sheets, and Lists
    • Cloud Security and DevOps Best Practices
    • Fix Security Issues Left of Prod
    • CWE/SANS Top 25 Most Dangerous Software Errors
    • Security Web Application Technologies (SWAT) Checklist
    • Cloud Secuirty and DevSecOps 3-Part Webcast Series, May 2021
    • Extending DevSecOps Security Controls into the Cloud: A SANS Survey, October 2020
    • Winning in the Dark: Defending Serverless Infrastructure in the Cloud, June 2020
    • Attacking and Defending Cloud Metadata Services, October 2019
    • Cloud Security and DevOps Automation: Keys for Modern Security Success, April 2019
    • Continuous Security: Monitoring & Active Defense in the Cloud, August 2018

    See a complete list of Cloud Security tools here, all of which are applicable to SEC540.

    • SEC584: Cloud Native Security: Defending Containers and Kubernetes
    • SEC541: Cloud Security Monitoring and Threat Detection


    Start date Location / delivery
    17 Oct 2022 Virtual Book now

    Related article

    At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...