YoVDO

Mitigating Log4Shell and Similar Vulnerabilities Using Cloud Services

Offered By: ChariotSolutions via YouTube

Tags

Cloud Security Courses Network Security Courses AWS Security Courses Web Application Firewalls Courses Secrets Management Courses Log4Shell Courses

Course Description

Overview

Explore how cloud services can help mitigate vulnerabilities like Log4Shell in Java applications. Learn to block attacks, prevent data exfiltration, protect sensitive information, and perform forensic analysis in cloud environments. Discover strategies for securing web applications, implementing network security measures, and leveraging cloud-native features to enhance overall application security. Gain insights into using Web Application Firewalls, VPC Endpoints, Internet Proxies, and AWS-specific tools like Security Groups and Cloud Trail Events. Understand the importance of proper secrets management and multi-account strategies in maintaining a robust security posture for Java applications deployed in the cloud.

Syllabus

Intro
An Unanticipated Collision of Features
RCE May Not Be The Real Concern
Lift 'n' Shift Web App
Cloud-native Web App
Web Application Firewall
Real-world Apps Talk to the Outside World
Typical deployment: use a NAT
Simple case: Security Group egress rules
Alternative: VPC Endpoints
Alternative: Internet Proxy
Using a Proxy with the Java V2 SDK
Network Firewall
Application Roles
Multi-Account
Service Control Policies
Secrets, not Environment Variables
Cloud Trail Events


Taught by

ChariotSolutions

Related Courses

Microsoft Azure for Node.js Developers - Building Secure Services and Applications
Pluralsight
Configuring and Managing Microsoft Azure Key Vault
Pluralsight
Threat Modeling: Information Disclosure in Depth
LinkedIn Learning
Getting Started with HashiCorp Vault
Pluralsight
Installing and Configuring HashiCorp Vault
Pluralsight