Azure Application Security
This training is also available as the Azure Application Security bootcamp and on-demand class.
Objective
This beginner-friendly class is for application security professionals, developers and cloud security professionals. Improve your understanding of Azure Cloud, Azure AD, the Authentication & Authorization process, Enterprise Apps, APIs, OAuth Permissions and more. Learn about Azure services used for deploying and running applications such as App Services, Function Apps, Key Vaults, Storage Accounts, Databases, etc.
This hands-on class covers abusing application flaws/misconfiguration, features and interoperability to compromise an enterprise-like live lab environment. Each student gets a dedicated lab! As a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks. The class will focus on methodology and techniques through instructor demos, exercises, and hands-on labs.
Course Content
Module 1
- Introduction to Azure
- Azure AD Resources
- Recon and Enumeration
- Azure RBAC & ABAC
- Applications
- App Services
- App Services - Abuse
Module 2
- REST APIs in Azure
- Authentication & Authorization
- Tokens
- Managed Identity
- Azure Web Application Firewall
- App Registrations
- Enterprise Apps
Module 3
- Illicit Consent Grant Attack (OAuth Phishing)
- Abusing Misconfigured Enterprise Apps
- Function Apps
- Function Apps - Abuse
- Key Vaults
- Key Vaults - Abuse
- Storage Accounts
- Storage Accounts - Abuse
Module 4
- Databases
- Application Proxy
- Azure API Management
- API Security
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Cloud
- Actionable Defense
Who should take this course?
Application Security professionals, Developers, Red Teamers, Penetration Testers and Blue Teamers who would like to understand more about web application security and abuse in Azure.
Student Requirements
- Basic understanding of Application Security and Azure is desired but not mandatory.
What students should bring
- A system with 4 GB RAM and the ability to install an OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.
What students will be provided with
- Attendees will get free one-month access to two labs (practice lab and attack lab) configured like an enterprise environment, during and after the training.