How to Secure a Modern Web Application in AWS

In this on-demand webinar, SANS analyst and instructor Shaun McCullough provides an introduction to exploring the vulnerabilities associated with modern web applications, the web application firewalls and DevSec operations that oversee security for continually updating of code. This process, known as threat modeling, is vital to the ability to prioritize vulnerabilities and security operations to meet those challenges. Shaun offers practical recommendations for addressing threats, with a focus on web apps, while running in an IaaS/PaaS cloud service using a DevOps process.

On-demand attendees will learn:

  • The meaning and process of threat modeling and DevOps
  • Threat modeling for a web app front end
  • Risks associated with the DevOps process
  • How to seamlessly integrate security

Speakers:

Shaun McCullough is a community instructor for the SEC545 Cloud Security Architecture class and gives back to his profession by mentoring and supporting the next generation of cyber professionals. With 25 years of experience as a software engineer, he has been focusing on information security for the past 15 years. Shaun is a consultant with H&A Security Solutions, focusing on secure cloud operations, building DevSecOps pipelines, and automating security controls in the cloud. He also served as technical director of red and blue team operations, researched advanced host analytics, and ran threat intelligence on open source platforms in his work with the U.S. Department of Defense.

 
SANS

David Aiken is a Solutions Architect Manager at AWS covering AWS Marketplace, Service Catalog, Migration Services, and Control Tower. He leads a team of specialist AWS SAs that help customers implement security and governance best practices using native AWS Services and Partner products. He is an AWS Certified Solutions Architect and his skills include cloud computing, enterprise architecture, agile methodologies, web services, and software design and development. David has also worked as a product manager, technical specialist, and architect evangelist.

 

About the SANS Institute:

The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world—from auditors and network administrators, to chief information security officers—sharing the lessons they learn and jointly finding solutions to the challenges they face.

About AWS Marketplace:

AWS Marketplace is a digital software catalog that makes it easy to find, try, buy, deploy, and manage software that runs on AWS. AWS Marketplace has a broad and deep selection of security solutions offered by hundreds of independent software vendors, spanning infrastructure security, logging and monitoring, identity and access control, data protection, and more. These products can be integrated with AWS Services and other existing technologies, enabling you to deploy a comprehensive security architecture across your AWS and on-premises environments. Visit aws.amazon.com/marketplace to learn more.

*The views and opinions of the SANS Institute and their presenter, Shaun McCullough, are their own, and do not necessarily reflect the positions of AWS.