Applications are vital components of an enterprise, so application security is an integral part of protecting the enterprise network against various threats. Most enterprises now use cloud services to deploy and host their applications, and it is equally important to secure those applications. The attack surface of applications deployed or hosted in the cloud changes drastically and varies between cloud service providers. Azure is a cloud service provider that offers multiple cloud services that are very popular in enterprise environments. In this course, we will explore and learn about various enterprise application services offered by Azure, like App Service, Function Apps, Enterprise Applications, API Management, Cosmos DB, SQL Server, etc. This hands-on class covers abusing application flaws and misconfigurations, features, and interoperability to compromise an enterprise-like live lab environment. Each student gets a dedicated lab! As a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks.
Syllabus
- Introduction
- Applications (App Services, APIs)
- Authentication & Authorization
- Azure WAF
- App Registrations, Enterprise Apps & Conditional Access Policy
- Function Apps
- Key Vaults
- Storage Accounts
- Databases
- Application Proxy & Azure API Management
- Microsoft Defender for Cloud & Microsoft Defender for Cloud Apps
- Defense