Overview
Cloud-native applications bring tremendous benefits in scalability, resilience and rapid deployment, but they also introduce new security challenges. As organisations move from traditional infrastructure to cloud platforms, attackers have evolved their techniques, shifting focus from exploiting infrastructure vulnerabilities to targeting applications, cloud configurations and identity systems.
This intensive workshop provides developers, architects, DevOps and DevSecOps engineers with practical understanding of securing software deployed in cloud environments. Through real-world breach analysis, hands-on exploitation exercises and comprehensive threat modelling, you'll learn to identify, exploit and mitigate cloud-specific vulnerabilities. Starting with fundamental security concepts and progressing through IAM, network security, serverless architectures and sophisticated attack patterns, you'll gain both offensive and defensive cloud security skills.
By the end of this workshop, you'll understand how attackers target cloud applications, how to implement layered security controls and how to apply systematic threat modelling to cloud architectures. The course is provider-agnostic in its core principles, but includes concrete examples from major cloud platforms (AWS, Azure, GCP) where specific implementations vary.
Outline
Fundamental security concepts
- Understanding today's security landscape: current threats and real-world breach consequences
- Learning from major security incidents and modern cloud breaches
- The attacker perspective: motivations, capabilities and tactics
- The CIA triad and data classification in cloud contexts
- Core security principles and their implications for cloud applications
- The shared responsibility model: where cloud provider security ends and yours begins
Defence in depth and cloud architecture
- Layered security approaches for cloud environments
- Network segmentation strategies using cloud-native constructs
- Understanding and defending against social engineering attacks
- Security at multiple layers: network, application, data and identity
- Shared responsibility across service models (IaaS, PaaS, SaaS)
Identity and access management
- IAM fundamentals: users, groups, roles and when to use each
- Creating effective policies without over-permissioning
- Implementing least-privilege access and why it matters
- IAM best practices: MFA, credential rotation and privileged account security
- Service accounts and workload identity
- Federation and single sign-on for cloud resources
- Common IAM misconfigurations and their exploitation
Securing cloud infrastructure
- Virtual network fundamentals and cloud network architecture
- Compute instance firewalls and network access controls at multiple levels
- Object storage security: access controls and public exposure risks
- Encryption at rest and in transit
- Content delivery security for distributed applications
- Private endpoints and service-to-service communication
- Compute instance metadata services: security implications and protections
- Infrastructure isolation and segmentation strategies
Effective logging and monitoring
- Building a comprehensive logging strategy for cloud environments
- Cloud audit trails: tracking API calls and configuration changes
- Network flow logs and understanding traffic patterns
- Log aggregation, retention and centralised logging architectures
- What to log and what not to log: avoiding sensitive data in logs
- Security monitoring, alerting and detecting anomalous behaviour
Finding and managing vulnerabilities
- Common cloud misconfigurations and how to avoid them
- Vulnerability scanning approaches for cloud workloads
- Recent security incidents: lessons learned and supply chain security
- Configuration compliance and drift detection
- Cloud security posture management and assessment tools
- Integrating security scanning into deployment pipelines
Serverless security
- Understanding the serverless security model and shared responsibility
- Serverless-specific vulnerabilities and attack vectors
- Function-level security: permissions, resource limits and trigger protection
- Secrets management in serverless applications
- Dependency management and supply chain security for serverless
- Monitoring and logging for serverless workloads
Cloud attack chains
- Understanding complete attack chains: from reconnaissance to impact
- Initial access techniques: exploiting exposed services and credentials
- Privilege escalation: how attackers gain elevated permissions in cloud environments
- Persistence mechanisms: maintaining access across cloud services
- Lateral movement and data exfiltration in cloud architectures
Advanced cloud threats
- IAM exploitation: how attackers abuse identity systems
- Server-Side Request Forgery (SSRF) attacks against cloud metadata services
- Secrets management failures and credential exposure
- Analysis of modern cloud breach patterns and attack techniques
- Defending against sophisticated attack chains
- Detection and response in cloud environments
Threat modelling cloud applications
- Why cloud applications need specific threat modelling approaches
- The STRIDE model applied to cloud architectures
- Cloud-specific threat categories: misconfiguration, excessive permissions and data exposure
- Creating data flow diagrams for cloud-native applications
- Discovering critical paths and high-value targets
- Translating threat models into security requirements and testing strategies
Requirements
This course is designed for developers, architects, DevOps engineers and DevSecOps practitioners at all levels who are building or operating applications in cloud environments.
No prior security experience is required, though participants should have at least 6 months of experience building applications. Familiarity with basic cloud concepts is helpful for context, though cloud fundamentals can be covered throughout the workshop. Participants would benefit from prior knowledge of common web vulnerabilities or attending our Web Application Security workshop.
The course is a mixture of demonstrations, real-world breach analysis, hands-on exploitation exercises and collaborative threat modelling sessions. A laptop capable of connecting to cloud-based virtual machines is required. We use industry-standard security tools including ScoutSuite and others throughout the practical exercises.
This workshop can be tailored to 2 or 3 days depending on your team's experience and focus areas. Additional time can be allocated for cloud fundamentals if needed.