AUD507: SANS Live Online Europe July 2024

Provided by

Enquire about this course

What You Will Learn
Controls That Matter - Controls That Work

This course is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program, covering systems, applications, and the cloud. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.

Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas including systems, applications, and the cloud. The combination of high-quality course content, provided audit checklists, in-depth discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique setting for students to learn how to be an effective enterprise auditor.

"AUD507 has obvious practical applications, and it's great to see some of the most infamous hacking methods explained and executed in real time. In the labs, I'm getting hands-on experience with the tools. The opportunity to learn how to interpret the results taught me more in one afternoon than I've picked up here-and-there over an entire career." - Tyler Messa, AWS
Business Takeaways
  • Gain confidence that you have the correct security controls and they are working well
  • Lower your audit costs with effective, efficient security audits
  • Improve relevance of IT audit reporting, allowing the organization to focus on what really matters
  • Improve security compliance while reducing compliance and security risks, protecting your reputation and bottom line
Skills Learned
  • Apply risk-based decision making to the task of auditing enterprise security
  • Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
  • Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
  • Establish a well-secured baseline for computers and networks as a standard to conduct audit against
  • Perform cloud environment audits using automated tools and a repeatable process
  • Audit virtualization hosts and container environments to ensure properly deployment and configuration
  • Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
  • Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
  • Utilize automated tools to audit Windows and Linux systems
  • Audit Active Directory Domains
Hands-On Training

This course goes beyond simply discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations. AUD507 uses hands-on labs to reinforce the material discussed in class and develop the "muscle memory" needed to perform the required technical tasks during audits. In sections 1-5, students will spend about 25% of their time in lab exercises. The final section of the course is a full-day lab that lets students challenge themselves by solving realistic audit problems using and refining what they have learned in class.

Students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. Each section affords students opportunities to use the tools and techniques discussed in class, with labs designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems.
  • Section 1: Audit Tool Setup, Network scanning and Continuous Monitoring with Nmap, Network Discovery Scanning with Nessus, Configuring and Using Cloud Provider Tools, Cloud Provider Inventory
  • Section 2: Introduction to PowerShell, Windows System Measurements, Auditing Users, Permissions and Logging, Compliance and Testing at Scale
  • Section 3: Linux System Information and Permissions, File Integrity, Kernel Settings and Services, Linux Logging, Linux System Audits
  • Section 4: VMWare and Kubernetes, Cloud Identity and Access Management, Cloud Infrastructure, Cloud Benchmarks
  • Section 5: Web Auditing with Burp, Server Configuration and Static Analysis, Fuzzing with Burp, Injection Flaws
  • Section 6: Capture the Flag: Audit Essentials, Windows Systems, Windows Domains, Kubernetes, Linux, OSQuery and Fleet, Cloud Services, Web Applications
"The labs or exercises were Excellent because provides knowledge, information and experience." - Amjad Awdhah Saeed Alshahrani, Site

"Today's netwars was definitely a challenge and for me I needed the team so we could all use our strengths. Excellent coverage of everything we've learned without repeating exact exercises we had done in the week. Good way to know I did understand what we've been learning all week. The workbook was a good reference to return to." - Carmen Parrish, US Government

"The hands-on labs reinforce the learning from the book. I learn best when I can touch and feel the material being taught." - Rodney Newton, SAP
Syllabus Summary
  • Section 1: How to be an IT auditor; How to gain visibility for hybrid cloud environments
  • Section 2: Using PowerShell and native tools to measure security of Windows systems and domains
  • Section 3: Understanding Unix security and how to use built-in tools and scripting to measure it
  • Section 4: Auditing security of hybrid cloud environments and enterprise networks
  • Section 5: Understanding and auditing the OWASP proactive controls for web applications
  • Section 6: Full-day hands-on lab exercise using all the skills and tools learned during the course
Additional Free Resources
  • SANS Cloud Security Maturity Model
  • SANS SWAT Web App Checklist
  • Regex cheat sheet
  • Sed one liners cheat sheet
  • Awk one liners cheat sheet
  • Cloud Ace Podcast
What You Will Receive
  • Printed and Electronic Courseware
  • MP3 audio file of the complete course lecture
  • Audit checklists
What Comes Next

Depending on your current role or future plans, one of these courses is a great next step in your leadership journey:

Compliance or Audit Professional
  • SEC566: Implementing and Auditing CIS Critical Controls
  • SEC510: Public Cloud Security: AWS, Azure, and GCP
Technical Security Manager or InfoSec Technician:
  • LDR516: Building and Leading Vulnerability Management Programs


Start date Location / delivery
29 Jul 2024 Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...