Here's What you can Learn from the Palo Alto Breach
SANS Cloud Security
The most trusted source of cloud security training, certification, and research.
"Security products often provide web applications that administrators and users can access. However, overlooking basic security measures in these applications can result in severe consequences. For instance, Palo Alto Networks did not properly validate the format of session IDs before using them as file names. This oversight led to a path traversal vulnerability. Compounded by a configuration error, the vulnerability’s severity increased, allowing attackers to write files in locations that the telemetry process would later execute. This capability to create files escalated to an unauthenticated remote code execution problem. Recent history has shown that such fundamental vulnerabilities in products like Ivanti Connect Secure and Citrix Gateway can cause significant damage." - Dr. Johannes Ullrich, SANS Faculty Fellow and founder of the Internet Storm Center
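The class of flaw described in the quote above, as an added sketch that is not from this newsletter or from Palo Alto Networks' code: a client-supplied session ID used directly as a file name, beside a version that validates the format first and then confirms the resolved path stays in the session directory. The UUID format, the directory and all function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption for this sketch: session IDs are lowercase canonical UUIDs.
SESSION_ID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)


class InvalidSessionId(ValueError):
    """Raised when a client-supplied session ID fails validation."""


def unsafe_session_path(base_dir, session_id):
    # Flawed pattern: the value is joined as-is, so "../" segments climb out
    # of base_dir and an absolute value replaces base_dir entirely.
    return Path(base_dir) / session_id


def safe_session_path(base_dir, session_id):
    # 1. Allow-list the format before the value touches the filesystem.
    if not isinstance(session_id, str) or not SESSION_ID_RE.fullmatch(session_id):
        raise InvalidSessionId("session ID is not in the expected format")
    # 2. Defence in depth: the resolved file must sit directly in base_dir.
    base = Path(base_dir).resolve()
    candidate = (base / session_id).resolve()
    if candidate.parent != base:
        raise InvalidSessionId("session path escapes the session directory")
    return candidate


def escapes_base(base_dir, path):
    """True if path resolves to a location outside base_dir."""
    base = Path(base_dir).resolve()
    return base not in Path(path).resolve().parents


if __name__ == "__main__":
    base = "/var/lib/exampleapp/sessions"  # hypothetical directory
    samples = [  # constructed inputs
        "3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c0d",
        "../../elsewhere/job-file",
    ]
    for sid in samples:
        print(repr(sid), "unsafe join escapes:", escapes_base(base, unsafe_session_path(base, sid)))
        try:
            print("  accepted:", safe_session_path(base, sid))
        except InvalidSessionId as exc:
            print("  rejected:", exc)
```

Format validation alone closes the traversal here; the containment check is kept so that a later loosening of the pattern does not silently reopen it.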
Free Curated Cloud Security Resources
Wings of Innovation: Transitioning to Containerization | Hands-on Workshop
FREE Thursday, June 13 | 10am ET | 1400 UTC
Aviata Cloud Chapter 3: Wings of Innovation: Transitioning to Containerization is a hands-on workshop led by Ahmed Abugharbia that delves into the essentials of Kubernetes, teaching participants about its architecture, deployment options, and security practices to facilitate a successful transition to a containerized infrastructure. Learn to deploy and secure applications effectively through free, practical exercises this June.
The adventures of the Aviata Cloud company and our SANS Cloud Security workshop series will run monthly from April through December 2024.
Nine Key Cloud Security Concentrations & SWAT Checklist | Poster
This free downloadable poster describes top cloud security concentrations broken down by each of the Big 3 Cloud providers: AWS, Azure, and GCP. It also includes a SWAT checklist that provides an easy-to-reference set of best practices that raise awareness and help development teams create more secure applications.
JWTs: The Good, the Bad, and the Ugly (Security Edition) | Webcast | GitHub
Cybersecurity expert and SANS certified instructor Joshua Barone unpacks the complexities of JWT security, reveals common vulnerabilities, and shares essential best practices to enhance your token-based authentication strategies.
This webcast includes a demo environment for authentication and authorization using JSON Web Tokens (JWT) and demonstrates potential security vulnerabilities associated with JWT.
Take the SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes
This survey explores the reasons multicloud users make specific cloud adoption decisions, as highlighted in past surveys.
Complete this survey for a chance to win a $400 Amazon gift card as a thank you for your participation.
Web Application Security Awareness Training FREE Trial
Role-based developer training for any skill level. Don't let security vulnerabilities compromise your applications or your organization's reputation. Access your trial today and bring consistent secure coding principles to your development teams.
CloudSecNext 2024 | Summit | Training
Dive into the future of cybersecurity at the CloudSecNext Summit, where industry leaders converge in person or online to tackle the latest cloud security challenges through expert-led workshops, real-world case studies, and invaluable networking opportunities, enhancing your skills and career in an ever-evolving digital landscape.
"Summits are a great way to meet and talk to the trail blazers; the individuals who each in their own way help shine a light for the rest of the community." - Michael D, ViaSat, Inc.
It's not a Matter of If, but When. Be Prepared for a Web Attack
Application Security: Securing Web Applications, APIs, and Microservices | SEC522
Security teams need a deep understanding of AWS, Azure, and Google Cloud services to lock them down properly. Checking off compliance requirements is not enough to protect the confidentiality, integrity, and availability of your organization's data, nor will it prevent attackers from taking your critical systems down. With the right controls, organizations can reduce their attack surface and prevent security incidents from becoming breaches. Mistakes happen. Limit the impact of the inevitable.
Did you know that any SANS alumni of SEC522 can take it again at any time in the future for 50% off? Email [email protected] for more information.
"I am very glad I took this course because there are not many instructors on platforms like Udemy or YouTube that have the knowledge the instructor has. He is very knowledgeable and when asking a question, he goes in-depth about the concept. What I love the most is that his professional experience working in the field helps us understand more about real-life examples." - Alisa C, SEC522 Student
GIAC Web Application Defender Certification | GWEB
The GIAC Web Application Defender (GWEB) certification validates expertise in securing web applications. It focuses on key issues like input validation flaws, XSS, and SQL injection, and includes comprehensive knowledge of authentication, access control, and session management. Candidates will demonstrate their ability to use current tools to manage security risks and enhance the safety of both new and existing web applications.
Cloud Ace Engineer | Prevent - Automate - Defend
Looking to become a Cloud Security Engineer? Here’s how:
Visit the SANS Cloud Security Curriculum Page | Preview SANS Courses | Connect with Our Solutions Team | Join the SANS Community