NCC Group’s AWS security review training is a focused course for security consultants and cloud architects interested in learning how to assess the main elements of a cloud environment based in AWS.
The course will cover the techniques and tools necessary to perform a thorough security review and provide an understanding of the major risks, along with the best security practices that should be considered when designing a cloud infrastructure.
- Introduction to AWS basics
- Hands on with the AWS command line and tools such as Scout Suite, CloudMapper and Prowler
- AWS networking and common issues
- Identity and Access Management (IAM) in-depth including sample policies and interesting attack vectors
- The EC2 service and finding credentials in metadata
- Protecting files stored on S3 and common attacker vectors
- Relational Database Service (RDS)
- Monitoring and logging
- Scripting with AWS
- Applied practical exercises throughout the course
Who Should Take This Course
This course is ideally suited for security consultants and cloud architects interested in learning how to assess the main elements of a cloud environment based in AWS.
What Students Should Bring
- Participants are expected to have some familiarity with Linux, the Linux command line and basic IP networking knowledge
- Attendees should bring a laptop with an SSH client installed. The laptop should not have any corporate security software which restricts Internet access or forces use of a corporate proxy server for browsing
- Recommended setups are: Python installed on Linux, MacOS, Windows with WSL or MobaXTerm (Putty is possible but requires extra setup)
What Students Will Be Provided With
Modular slide deck of the training material.
About The Trainer
Daniele has worked at NCC Group since 2008, he has great experience with various type of security assessments, including network infrastructure, cloud platforms and application security.
He is also the lead of the Cloud practice for the Technical Security Consultancy division – he is responsible for bringing together the various technical skills around assessing infrastructure and applications in the cloud, creating internal methodologies, developing and delivering internal training and performing research around cloud platforms.
Daniele holds the AWS Certified Security – Specialty and CREST CCT Certification in application security testing.