Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

SEC540-new-tag

NEW! Microsoft Azure Lab Environment

Authored byEric Johnson
Eric Johnson

SEC540: Cloud Security and DevSecOps Automation has released another major update that will help you in your efforts to build cloud infrastructure with Terraform, deploy resources to the Azure Cloud, and better understand the Container Security Lifecycle. Since the inception of SEC540, the lab environment has had a heavy focus on deploying and securing resources in the AWS Cloud. At the end of every class, I always ask students for feedback about their experience and how we can improve the course. By far, the most common feedback was:

  • The AWS labs are very exciting and challenging, but I wish we could do the labs in Azure.
  • I’d love to get more hands-on experience with Terraform!

To my past students, we heard you! In the spirit of continuous improvement, the SEC540 author team set a goal in the 2021 update to go multicloud, build full support for deploying the lab environment in Azure, and bring in security tooling for equivalent Azure analysis. This required a tremendous amount of engineering effort, documentation, and support from SANS. We are all proud to announce that SEC540’s lab environment now supports a dual path option for students to choose AWS or Azure as their cloud infrastructure provider!

Picture1.png

Microsoft Azure Lab Environment

Students choosing the Azure Lab environment will experience a different toolchain, with a few common tools where possible:

  • Azure deploys using over 2,000 lines of Terraform configuration code
  • Checkov scans the Terraform configuration and identifies misconfigurations
  • Azure DevOps pipelines build the lab environment’s container images and store images in the Azure Container Registry (ACR)
  • Azure Kubernetes Service (AKS) manages the lab environment’s container runtime
  • Azure Application Gateway routes traffic to Kubernetes, manages blue green deployments, and enforces Web Application Firewall (WAF) policies
  • Azure Log Analytics, Container Insights, and Rule Alerts manage application telemetry and notifications
  • Azure API Management hosts APIs and Azure Functions perform custom JSON Web Token (JWT) validation
  • Microsoft Defender for Cloud monitors resource configuration and Workload Protection performs threat detection
  • Cloud Custodian Azure Policies provide a cloud-agnostic way to auto-remediate misconfigured resources

Read more details below on the section-by-section updates.

SEC540: Cloud Security and DevSecOps Automation

SEC540.1: DevOps Security Automation

  • CI / CD security misconfigurations, GitHub Actions security, and best practices for hardening CI / CD pipelines.

SEC540.2: Cloud Infrastructure Security

  • Cloud Infrastructure as Code: In depth walk through of the HashiCorp language, Terraform configuration, Terraform Modules. Detailed command line examples for applying Terraform configuration and managing Terraform state.
  • Container Security Lifecycle: Refreshed content focusing on the Container Security Lifecycle:
  • Pre-commit: hadolint, trusted image suppliers, conftest policies, distroless images, multi-stage builds, docker secrets, and docker scan
  • Version Control / CI CD: Scanning images with Trivy and signing images with Project Sigstore Cosign
  • Container Registry: Enabling cloud native image scanning, immutable tag policies, and registry role-based access control policies
  • Container Orchestration: Enforcing security policy with admission controller, validating cosign signatures, and runtime protection with Falco

SEC540.3: Cloud Security Operations

  • Cloud Workload Security review for Azure Application Gateway, Azure Kubernetes Service, and Azure Storage Accounts
  • Running OWASP Dependency Check in Azure Devops pipelines for Software Composition Analysis (SCA) / Supply chain scanning
  • Using Azure Monitor Log Analytics, Container Insights, and Kusto Query Language (KQL) queries for detecting alerts and sending notifications

SEC540.4: Cloud Security as a Service

  • Blue / Green deployments with Azure Application Gateway
  • Azure CDN Token Authentication, Symmetric Keys, and Policies
  • Azure API Management, Endpoints, and Authorization Policies
  • Building and Deploying Azure Functions with Terraform

SEC540.5: Compliance as Code

  • Creating Policy as Code with InSpec, AWS Service Control Policies, and Azure Policy
  • Azure Application Gateway WAF configuration and custom rules
  • Continuous compliance, detection, and automated remediation with Azure Event Grid, AWS Event Bridge, AWS Security Hub Automated Response & Remediation, and Cloud Custodian Azure Policy

DevOps is the set of cultural and technical practices that enable teams to deliver value to their stakeholders quickly, securely and reliably. Take SEC540: Cloud Security and DevSecOps Automation and let us teach you how. Read the full course description here.

Meet the expert

Eric Johnson
Eric Johnson

Eric Johnson

Senior Instructor

Eric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.

Read more about Eric Johnson
Another Major Update to SEC540: Cloud Security and DevSecOps Automation | SANS Institute