Cloud Security Assessments and Tools

Welcome to the Cloud Security Assessments and Tools practice lab. In this lab, you will be provided with the instructions and devices needed to develop your hands-on skills.

As a cloud security specialist, a crucial part of your skillset would be the ability to detect software vulnerabilities in an infrastructure. As technology advances, there has been a shift in the way in which cyberattacks are conducted.

With companies moving more and more resources to cloud service providers; or making use of hosted infrastructures for specific web applications, it has become crucial that these applications are secure to prevent exploits from cyber security criminals.

In cloud environments, you may choose to perform a Network-based scan, which allows you to easily scan an entire network from a singular host to discover potential risks, or potentially run an Agent-based scan, which instead can be broken up and run on many different hosts, provided that an agent has been installed.

Another method of ensuring that updates and patching completes as smoothly as possible is by implementing Scheduled updates. When enabled, scheduling different updates will stop devices updating automatically (or not at all) and allow administrators to better manage the risk imposed by a particular update.

In this lab, the Damn Vulnerable Web Application (DVWA) will be used to demonstrate how vulnerabilities can be detected by using a software vulnerability scanner. This can also be used in public cloud infrastructures such as Azure.