
🔥README
Certified Azure Web Application Security Professional (CAWASP)
29 Learning Objectives, 72 Tasks > 115 hours of learning

Contact me on LinkedIn: https://cli-ck.me/rfs
Module I: - Introduction
Learn about Azure services & Azure AD components.
Gain an understanding of the service models supported by Azure and of the Azure architecture.
Learn the process of discovering & enumerating Azure & Azure AD resources.
Learn about the access control mechanisms Azure supports for granting privileges to end users.
Module II: - Applications (App Services, APIs)
Understand the application services offered by Azure.
Gain a deep understanding of App Service and its environment.
Understand how to deploy code to App Service and the various configuration options that can be applied to any application running on App Service.
Understand the App Service management portal.
Learn how to exploit web application vulnerabilities and extract information from applications hosted on App Service.
Learn about the various REST API endpoints Azure offers for managing its services.
Module III: - Authentication & Authorization
Take a deep dive into OAuth and the authentication and authorization process.
Gain an understanding of JWT tokens and the token types supported by Azure, such as ID tokens, access tokens and refresh tokens.
Understand Managed Identity and the process of enumerating it and requesting an access token.
Module IV: - Azure WAF
Learn about Web Application Firewall.
Learn about the Azure services that support WAF, such as Application Gateway, Front Door and CDN.
Gain an understanding of the process that can be followed to bypass a WAF.
Module V: - App Registrations, Enterprise Apps & Conditional Access Policy
Learn about and explore the App Registration and Enterprise App components offered by Azure AD.
Understand how Illicit Consent Grant attacks work and learn to write a simple Function App that captures token information and saves it to Table Storage.
Learn about the Microsoft Graph API and the ways misconfigured permissions can be abused.
Learn about Conditional Access Policies and how they can help restrict users from gaining access to resources.
Module VI: - Function Apps
Understand what Function Apps are, how they are deployed in Azure, and the functionality they provide.
Gain an understanding of the stateful Function App feature known as Durable Function Apps.
Learn how to exploit a vulnerability in a Function App and extract information.
Learn ways to read the source code or create a new function in a Function App by leveraging the master key.
Module VII: - Key Vaults
Learn about Key Vaults and their REST API endpoints.
Understand the access control methods that Key Vault supports.
Understand the need for recovery policies.
Learn how to leverage various RBAC roles and Key Vault access policies to extract secrets and decrypt encrypted values.
Module VIII: - Storage Accounts
Learn about Storage Accounts and the types of storage services.
Understand the various access control methods, such as AAD user, shared key, Shared Access Signature and connection string.
Learn how to leverage the various options to gain access to a Storage Account.
Module IX: - Databases
Learn about various Database services offered by Azure such as Cosmos DB, Azure SQL, PostgreSQL, MySQL/MariaDB.
Understand the benefits of using specific Database services.
Understand the ways to gain access to a Cosmos DB account and extract information.
Module X: - Application Proxy & Azure API Management
Learn about Application Proxy and its components.
Understand the authentication workflow of the Application Proxy.
Learn about the Azure API Management service and understand how it can help protect and restrict APIs.
Module XI: - Microsoft Defender for Cloud & Microsoft Defender for Cloud Apps
Gain an understanding of the Microsoft Defender for Cloud Apps solution, its architecture and its features.
Gain an understanding of what Microsoft Defender for Cloud is and how it can help secure the infrastructure.
Learn about the various alerts that can be triggered when it is integrated with App Service.
Module XII: - Defense
Learn about the approach that can be followed to secure and protect the various resources hosted in Azure.