Overview
Duration |
6 days |
Course Time |
9.00am - 5.00pm |
Enquiry |
Click here to contact us
|
This course is delivered by SANS Institute.
SEC588 will equip you with the latest in cloud-focused penetration testing techniques and teach you how to assess cloud environments. The course dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It's one thing to assess and secure a data center, but it takes a specialized skillset to truly assess and report on the risk that an organization faces if its cloud services are left insecure.
Key Takeaways
At the end of this course, the participants will be able to:
SEC588: Cloud Penetration Testing draws from many skill sets that are required to properly assess a cloud environment. If you are a penetration tester, the course will provide a pathway to understanding how to take your skills into cloud environments. If you are a cloud-security-focused defender or architect, the course will show you how the attackers are abusing cloud infrastructure to gain a foothold in your environments.
The course dives into topics of classic cloud Virtual Machines, buckets, and other new issues that appear in cloud-like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also covers Azure and AWS penetration testing, which is particularly important given that AWS and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies but rather to teach you how to assess and report on the actual risk that the organization could face if these services are left insecure.
Who Should Attend
Both attack-focused and defense-focused security practitioners will benefit greatly from SEC588 by gaining a deep understanding of vulnerabilities, insecure configurations, and the associated business risk to their organizations. This course benefits penetration testers, vulnerability analysts, risk assessment officers, DevOps engineers, site reliability engineers, and those working in many other areas.
Prerequisites
This course has many labs, so it is critical that students come prepared with the following base level of knowledge:
- Familiarity with Linux bash - Not expert level, but a base understanding.
- Basic familiarity with Azure and AWS CLI tools - Watching a simple introductory video will suffice.
- Base understanding of networking and TCP/IP.
- Rudimentary understanding of the Metasploit CLI console.
- Understanding how pivots work.
ICT and SS Competency Framework
ICT and SS Competency Framework
As part of the ICTCF, this course falls under the Apps Development cluster and tagged to the following competencies:
- Apps Development: Application Security Testing
- Cybersecurity: Cloud Security
- Cybersecurity: Web Application and Penetration Test
The course is mapped to the following job roles:
- Quality Engineer
- Cybersecurity Engineer
- Red Team Engineer
- DevOps Engineer
- Software Engineer
- Data Security Officer
- Security Testing Engineer
Course Structure
This course will cover the following topics in order of day:
- Architecture, Discovery, and Recon at Scales
- Attacking Identity Systems
- Attacking and Abusing Cloud Services
- Vulnerabilities in Cloud-Native Applications
- Infrastructure Attacks and Red Teaming
- Capstone Event
Instructors
Fees
|
Full Fee
|
Full course fee
|
S$11753
|
7% GST on nett course fee
|
S$822.71
|
Total nett course fee payable, including GST |
S$12575.71 |
With effect till 31 Dec 2022
|
Full Fee
|
Full course fee
|
S$11753
|
8% GST on nett course fee
|
S$940.24
|
Total nett course fee payable, including GST |
S$12693.24 |
With effect from 1 Jan 2023 till 31 Dec 2023
|
Full Fee
|
Exam fee (exl. GST)
|
S$1328.60
|
Total exam fee payable, including 7% GST |
S$1421.60 |
With effect till 31 Dec 2022
Upcoming Classes
Class 1
Duration: 6 days
|
15 May 2023 to 20 May 2023 (Full Time)
When :
May:
15, 16, 17, 18, 19, 20(Sat)
Time : Day 1: 8.30am to 5pm; Day 2-6: 9am to 5pm
Registration:
|
Class 2
Duration: 6 days
|
06 Nov 2023 to 11 Nov 2023 (Full Time)
When :
Time : Day 1: 6.30am to 3pm; Day 2-6: 7am to 3pm
Registration:
|
How To Register
Step 1
|
Apply through your organisation's training request system
|
Step 2
|
Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the course.
Your organisation will send registration information to the academy.
Organisation HR L&D or equivalent staff can click here for details of the registration submission process.
|
Step 3
|
The Digital Academy will inform you whether you have been successful in enrolment.
|