Want to see Live Online in action? SANS is launching a new series of free workshops available in the Live Online platform, held every other Tuesday at 1:00pm EDT (17:00 UTC) with our top instructors. These workshops are two-hour hands-on virtual environments that give you the opportunity to dive into the material and start trying out tools and techniques that are useful and relevant in focus areas across cybersecurity.
The upcoming workshops are listed out below and will feature the same platform, TA support, and Slack channel benefits that you would get in a Live Online environment. We recommend bookmarking this page and checking back frequently, as we'll be adding more in the days and weeks to come.
Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Free Upcoming Live Online Workshops
Firebase: Google Cloud's Evil Twin
Tuesday, October 06, 2020 at 1:00pm EDT (17:00 UTC)
Duration: 2 Hours
Firebase is the most popular developer tool that security's never heard of. It started out as a SaaS database that you can connect to directly from a frontend application, a terrifying concept that violates fundamental security principles. It has evolved into a cloud platform with authentication, hosting, storage, and machine learning capabilities. Google acquired Firebase in 2014, and since then, it has loosely integrated these offerings into its Cloud Platform while maintaining the Firebase brand.
Firebase is extremely popular in modern web development. Because it allows the developer to create impressive applications without writing any backend code, it is a common choice for newer developers. In-fact, it is one of the first technologies taught in several coding bootcamp programs. Although many senior developers will avoid it due to security and performance concerns, it is still commonly used to create proof of concept applications, even within a large enterprise. All too often, these applications find themselves in production because the effort to re-architect them is too costly. AppSec teams need to grapple with this reality.
This workshop will go over fundamental Firebase concepts, security pitfalls, and mitigation strategies. It will feature lab exercises where the participants will use, abuse, and lock-down Firebase services. By the end of the workshop, participants will be confident that they can perform a security assessment at their company for a platform that leverages Firebase. If you think your company does not use Firebase, think again. This platform is lurking in a shadow cloud account somewhere outside of your security organization's purview. By understanding it, we can guide lean development teams to move both quickly and safely with security guardrails.
If you would like to learn more about cloud platform security, SEC510: Multicloud Security Assessment and Defense covers AWS, Azure, GCP, and the role Firebase plays in Google's larger cloud strategy. For more details, visit http://sec510.com/
System Requirements: A web browser with internet access and admin permissions.
*Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
What is Live Online Training?
Instructor-led, remote delivery of SANS courses & more. SANS Live Online events provide interactive training with all the same additional learning opportunities as in-person events. Choose your course, network with peers, and attend bonus sessions and cyber ranges.
Benefits of Live Online
- Live, interactive sessions with SANS instructors
- Flexible options to complete courses in 1, 2, 3, or 6 weeks
- Hands-on labs in a virtual environment
- Four months of online access to the archive of your course
- Extended access to your course MP3 archive
- Electronic courseware and materials