Azure Application Security Lab (CAWASP)

Azure Application Security Lab Objectives:

Applications are vital components of an enterprise. Hence application security also becomes an integral part of the enterprise network that helps prevent security vulnerabilities against various threats. Currently, most enterprises are leveraging Cloud services to deploy/host their applications. So, it is equally important to secure those applications. The attack surface for the applications deployed/hosted in the cloud changes drastically and varies between cloud service providers.

Azure is a cloud service provider that offers multiple cloud services that are very popular in enterprise environments. In this course, we will explore and learn about various enterprise application services offered by Azure like App Service, Function Apps, Enterprise Applications, API Management, Cosmos DB, SQL Server etc.

This hands-on class covers abusing application flaws/misconfiguration, features, and interoperability to compromise an enterprise-like live lab environment. Each student gets a dedicated lab! As a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks.

Are you an Application Security professional, Developer, or Cloud Security professional and want to level up your skills in securing and assessing modern applications hosted in Azure ? Then this course has something for everyone to learn and improve by and practicing in the lab environment. The course will focus on methodology and techniques through instructor demos, exercises, and hands-on labs.

What's Included

Red Team Lab, Red Team Certifications, Red Team Trainings, Azure Pentesting, Azure Security

Access to two lab environments (One/Two/Three months) with live Azure environment. Labs can be accessed using a web browser or VPN. One of the labs is a dedicated lab with focused challenges. The second lab is a shared enterprise-like environment.
17+ hours of video course
Course slides
Lab manual
Walk-through videos
One Certification Exam attempt

What will you Learn?

The Azure Application Security course will enable you to:

Improve your skills by exploiting vulnerabilities like RCE, Blind RCE, SSTI, LFI and many more in modern web applications hosted in our live Azure lab.
Learn to bypass defenses like Conditional Access by abusing MS Graph API and evading Azure WAF.
Understand and abuse App Registrations & Enterprise Apps in a live Azure lab.

Execute attacks against modern cloud native database services like Cosmos DB.
Learn about various Authentication & Authorization methods, Access Control methods supported by Azure and its services.
Practice and execute attacks against services used to develop and deploy applications in Azure.
Understand how the applications are deployed by leveraging App Service and Function Apps service offered by Azure and explore supported configuration options.
Execute attacks against misconfigured services.
Executer attacks against services that store sensitive information or data in the cloud. Understand how to manage access to those services and explore ways to gain access to those data.
Learn and explore services like Azure WAF, Conditional Access, MDCA, CASB, MDC that help the enterprise protect against attacks on Identities, Applications, Azure tenants, etc.

Purchase On Demand Lab

On Demand Lab

30 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$299

On Demand Lab

60 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$449

On Demand Lab

90 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$699

Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.

Extension

30 DAYS
LAB EXTENSION
+
ONE CERTIFICATION EXAM ATTEMPT

$249

Reattempt

EXAM
REATTEMPT

$99

Certificate Renewal - Only For Existing CAWASP Certified Students

Course access and one renewal exam attempt is free. If you want to access the lab for practice or need another renewal exam attempt, purchase that from here.

Extension

30 DAYS LAB ACCESS FOR CERT RENEWAL

$179

Reattempt

ADDITIONAL RENEWAL EXAM

$29

Terms of Purchase and Use:

You can start your lab access anytime within 90 days of purchase
You need a Google account to access the lab portal azredlabs.enterprisesecurity.io
One Certification Exam attempt is included in the pricing. Additional exam attempts will be $99 each
Once connected over VPN, consider the lab to be a hostile environment and you are responsible for your computer's security
The above lab is a shared environment and certain pre-specified machines will be off-limits
If you want a dedicated lab just for yourself, please use the form in the Contact-Us tab

Nikhil: Founder of Altered Security, BlackHat USA Trainer, DEF CON Speaker

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.

He specializes in assessing security risks at secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure AD, Active Directory attacks, defense and bypassing detection mechanisms.

Nikhil has trained more than 10000 security professionals in private trainings and at the world’s top information security conferences.

He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.

He is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/

Selected Conference Talks

1 Evading Microsoft ATA for Active Directory Domination (BlackHat USA 2017 and BruCON 2017)

3 PowerShell for Practical Purple Teaming
(x33fcon 2017)

5 RACE - Minimal Rights and ACE for Active Directory Dominance (DEF CON 2019)

2 AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well it Does it (BlackHat USA 2016)

4 PowerShell for Practical Purple
Teaming (DEF CON 21)

6 0wn-premises: Bypassing Microsoft Defender for Identity (BruCON 2022)

Purchase On Demand Lab

On Demand Lab

30 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$299

On Demand Lab

60 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$499

On Demand Lab

90 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

$699

Extension

30 DAYS
LAB EXTENSION
+
ONE CERTIFICATION EXAM ATTEMPT

$249

Reattempt

EXAM
REATTEMPT

$99

Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.

Certificate Renewal - Only For Existing CAWASP Certified Student

Course access and one renewal exam attempt is free. If you want to access the lab for practice or need another renewal exam attempt, purchase that from here.

Extension

30 DAYS LAB ACCESS FOR CERT RENEWAL

$179

Reattempt

ADDITIONAL RENEWAL EXAM

$29

Terms of Purchase and Use:

You can start your lab access anytime within 90 days of purchase
You need a Google account to access the lab portal azredlabs.enterprisesecurity.io
One Certification Exam attempt is included in the pricing. Additional exam attempts will be $99 each
Once connected over VPN, consider the lab to be a hostile environment and you are responsible for your computer's security
The above lab is a shared environment and certain pre-specified machines will be off-limits
If you want a dedicated lab just for yourself, please use the form in the Contact-Us tab

Certified Azure Web Application Security Professional (CAWASP)

The CAWASP is a completely hands-on certification. The student must solve the exam lab that consists of realistic challenges deployed in Azure to earn the certification. The students will have 24 hours to solve the complete exam lab.

To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it.

In case you must retake the exam, a re-attempt fee of $99 is applicable. There is a cool down period of one month before a student can appear in the exam again. The student will get an exam environment from the pool of our different exam labs. After total 3 attempts (1 included with the lab and two additional attempts), a student must wait for a cool down period of 6 months.

Certificate Expiry and Renewal

To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it. The renewal exam is FREE before the certificate expires. CAWASP can also be renewed by taking CARTE. Please take a look at this blog post for more details: https://www.alteredsecurity.com/post/renewal-process-for-altered-security-certifications

Exam Structure

The students get access to a dedicate exam lab for 24 hours that is deployed in Azure. The students will have to compromise all the applications and resources present in the exam lab to earn the certification.

At the end of the exam, students need to submit a report detailing solutions to challenges along with proof of completion.

Certificate Benefits

A Certified Azure Web Application Security Professional (CAWASP) demonstrates hands-on knowledge of application security in Azure.

A certification holder would have practical knowledge of doing security assessments of various web application technologies on Azure (like Enterprise Apps, App Services, Functions, OAuth Permissions, API Security, Storage Accounts, Key Vaults, Databases etc.) and understanding of security controls (WAF, MDCA, MDC, Conditional Access etc.) that could be used for defense.

29 Learning Objectives, 72 Tasks > 115 hours of learning

Module I: - Introduction

Learn about Azure services & Azure AD components.
Gain understanding about the Service Models supported by Azure & Azure Architecture.
Learn the process of discovering & enumerating Azure & Azure AD resources.
Learn about the access control mechanism supported by Azure for granting privileges to the end users.

Module II: - Applications (App Services, APIs)

Understand about the Application services that are offered by Azure.
Gain deep understanding about App Service and its environment.
Understand how to deploy code in App Service and understand about various configuration options that can be applied for any application leveraging App Service.
Understand about the management portal of App Service.
Learn how to exploit web application vulnerabilities and extract information from the applications hosted on App Service.
Learn about various Rest API endpoints that are offered by Azure for managing various service.

Module III: - Authentication & Authorization

Deep dive into OAuth, Authentication and Authorization process.
Gain understanding about JTW tokens and the type of tokens that are supported by Azure like ID Token, Access Token, Refresh Token.
Understand about Managed Identity and the process to enumerate and request access token.

Module IV: - Azure WAF

Learn about Web Application Firewall.
Learn about the services such as Application Gateway, Front Door, CDN that are offered by Azure which supports WAF.
Gain the understand of the process that can be followed to bypass WAF.

Module V: - App Registrations, Enterprise Apps & Conditional Access Policy

Learn and explore App Registration and Enterprise App components offered by Azure AD.
Understand how Illicit Consent Grant Attacks works and learn to write a simple function app that can allow us to capture the token information and save the same in table storage.
Learn about Microsoft Graph API and ways to abuse misconfigure permissions.
Learn about Conditional Access Policies and how it can help us in restricting the users from gaining access to the resources.

Module VI: - Function Apps

Understand what are Function Apps, how it is deployed in Azure and the functionality.
Gain understanding of stateful Function App feature known as Durable Function Apps.
Learn how to exploit vulnerability in Function App and extract information.
Learn ways to read the source code or create a new function in the Function App by leveraging Master Key.

Module VII: - Key Vaults

Learn and understand about Key Vaults and its Rest API endpoints.
Understand Access Controls methods that Key Vault supports
Understand the need of using recover policies.
Learn how to leverage various RBAC roles and Key Vault access policies to extract the secrets and decrypted the encrypted values.

Module VIII: - Storage Accounts

Learn and understand about Storage Accounts, Types of storage services.
Understand about various Access Control methods such as AAD User, Shared Key, Shared Access Signature, Connection String.
Learn how to leverage various options to gain access to the Storage account.

Module IX: - Databases

Learn about various Database services offered by Azure such as Cosmos DB, Azure SQL, PostgreSQL, MySQL/MariaDB.
Understand the benefits of using specific Database services.
Understand the ways to gain access to Cosmos DB account and extract information.

Module X: - Application Proxy & Azure API Management

Learn about Application Proxy and its Components.
Understand the authentication workflow of the Application Proxy.
Learn about Azure API Management service and understand how it can help us to protect and restrict the APIs.

Module XI: - Microsoft Defender for Cloud & Microsoft Defender for Cloud Apps

Gain understanding of Microsoft Defender for Cloud Apps solution, Architecture and features.
Gain understanding of what is Microsoft Defender for Cloud, how it can help us to secure the infrastructure.
Learn about various alerts that can be triggered if it is integrated with App Service.

Module XII: - Defense

Learn about approach that can be followed to secure/protect various resources hosted in Azure.

azure app sec purchase

30 DAYS LAB ACCESS + LIFE TIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT

$299

60 DAYS LAB ACCESS + LIFE TIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT

$449

90 DAYS LAB ACCESS + LIFE TIME ACCESS TO COURSE MATERIAL + ONE CERTIFICATION EXAM ATTEMPT

$699

Exam Reattempt is only for existing or past students of this course who have already purchased this course in the past.

​30 DAYS LAB EXTENSION + ONE CERTIFICATION EXAM ATTEMPT

$249

EXAM REATTEMPT

$99

Course access and one renewal exam attempt is free. If you want to access the lab for practice or need another renewal exam attempt, purchase that from here.

30 DAYS LAB ACCESS FOR CERT RENEWAL

$179

ADDITIONAL RENEWAL EXAM

$29

Terms of Purchase and Use:

You can start your lab access anytime within 90 days of purchase

You need a Google account to access the lab portal azredlabs.enterprisesecurity.io

One Certification Exam attempt is included in the pricing. Additional exam attempts will be $99 each

Once connected over VPN, consider the lab to be a hostile environment and you are responsible for your computer's security

The above lab is a shared environment and certain pre-specified machines will be off-limits

If you want a dedicated lab just for yourself, please use the form in the Contact-Us tab

30 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

60 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

90 DAYS LAB ACCESS
+
LIFE TIME ACCESS TO COURSE MATERIAL
+
ONE CERTIFICATION EXAM ATTEMPT

30 DAYS
LAB EXTENSION
+
ONE CERTIFICATION EXAM ATTEMPT

EXAM
REATTEMPT