WEEK 3: Attack the Weakling

Thinking like an attacker is the crux of DevSecOps. During this session, we will put on our hoodies and go after vulnerabilities in our web application.

OBJECTIVES

During Week 3, we'll accomplish the following objectives:

  • Understand AWS multi-tiered cloud architecture
  • Deploy a vulnerable application (e.g. RailsGoat) on AWS
  • Understand some hacking techniques, such as SQL injection, command injection, authentication bypass, etc.

Knowing how to use AWS will help you with today's labs because it is where we will study the security defects of our weak app. This lesson is a quick introduction to some of the basics to set the stage for this week's labs.

Now that we know a few basics, it's time to get hands-on and deploy an application to AWS for our lab work. In this lesson we will work on understanding control plane and assumer concepts, which make it possible for you to set up user access separately from the resources used in an account.

During Lesson 3, we will use RailsGoat to exploit web application defects. The labs for this session will help you get familiar with Burp Suite and some fuzzing techniques.

RESOURCES