• Goa'17
  • Training
  • Cloud Security For Devs & Ops

Cloud Security For Devs & Ops

Akash Mahajan & Riyaz Walikar

Akash Mahajan Riyaz Walikar

Trainer Name: Akash Mahajan & Riyaz Walikar
Title: Cloud Security For Devs & Ops
Duration: 3 Days
Dates: 28th Feb - 2nd March

Background for the training

Are you someone who is tasked with securing your cloud environment? Are you doing DevOps for your organisation? Are you left with a nagging feeling that what I am doing and deploying is secure or not? Do you wonder if you are following all the security best practices as prescribed by the cloud provider? Are you struggling to keep your cloud instances updated, security groups maintained and basic cloud hygiene?
If you answered yes to any of the questions about, this is the training for you. This 3 day fast paced course with almost everything hands-on exercises will teach you to become secure on the cloud and stay secure while you go about adding new features or managing the production, staging and testing environments. You will be able to being security automation and build security in. And then you will apply DevOps principles to security
The training is for developers, IT staff who are familiar with basics of IT security and now would like to gain experience and knowledge about how to secure their cloud infrastructure and applications hosted on them.
In the entire class we will alternate between using the cloud control panels and using the cloud CLI tools. Therefore, familiarity with the command line is a must for this training. Additionally, we provide code snippets which can supercharge the whole thing

Day 1
  • Cloud Basics Primer
  • Why does Cloud require Security?
  • Security in the Public Cloud/ Infra As A Service
  • Shared sense of security.
  • Data Security in transmission – Hands On
  • Data Security at rest – Hands On
  • Public Clouds GCP, Azure and AWS
  • Basics of Infrastructure Security
  • Hands on
  • Secure Remote Administration of Servers
  • Access Control Mechanisms – Hands On
Day 2
  • Securing the Server OS – Hands On
  • Securing the Server Software – Hands On
  • Securing the Virtual Network – Hands On
  • Maintaining Security
  • Hands On
    1. Setting up secure infra and applications
  • Security Testing
  • Test the security of your instance
  • Create a basic test plan
  • Tools to do network scanning
  • Tools to do application scanning
Day 3
  • Advanced Preview of Attacking and Pwning Cloud Apps and Infra
  • Advanced attacks against Virtualization
  • Global Security Threats
  • Cryptography and Encryption options in the cloud
    1. PKI
    2. Key Management
  • Online Hands-On CTF (3 Hours)

About the Trainer

Riyaz Walikar is the Chief Offensive Security Officer at Appsecco, a company that specializes in Web Application Security. His primary interests lie with application security, penetration testing and security evangelism. He is a security evangelist, offensive security expert and researcher with over 9 years of experience in the Internet and web application security industry. He has many years of experience providing web application security assessments, has lead penetration testing engagements in many countries and performed numerous onsite reviews on infrastructure and system security.
He also leads the Bangalore chapters of OWASP and the null community, actively encouraging participation and mentoring new comers in the industry.
Riyaz is also a frequent speaker at security events and conferences around the world including BlackHat, nullcon, c0c0n, xorconf and OWASP AppsecUSA.
He also dabbles in vulnerability research and has found bugs with several popular online services of major companies including Facebook, Twitter, Google, Cisco, Symantec, Mozilla, PayPal, and EBay. When he is not writing/breaking code, you can find him sleeping, playing football, reading or fishing.

Akash is a Director at Appsecco, a company that specializes in Web Application Security. He is an accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments and organisations around the world.
He has a deep experience of working with clients to provide cutting edge security insight that truly reflects the commercial and operational needs of the organisation from strategic advice to testing and analysis to incident response and recovery.
Akash has also authored a book titled “BurpSuite Essentials” that comes recommended by the creator of BurpSuite itself and is an active participant in the international security community and conference speaker both individually, as chapter lead of the Bangalore chapter of OWASP the global organisation responsible for defining the standards for web application security and as a co-founder of NULL India’s largest open security community.

Copyright © 2016-17 | Nullcon India | International Security Conference | All Rights Reserved