Cloud-Native Application Security Training and Testing with Cyber Ranges / Russo, Enrico; Longo, Giacomo; Guerar, Meriem; Merlo, Alessio. - (2023). (Paper presented at the 15th International Conference on Ubiquitous Computing & Ambient Intelligence (UCAmI 2023), held in Riviera Maya, Mexico) [10.1007/978-3-031-48590-9_20].
Cloud-Native Application Security Training and Testing with Cyber Ranges
Giacomo Longo
2023
Abstract
As cloud technology has become increasingly predominant in the last decade, more and more companies have been choosing to migrate to the cloud to leverage its cost-efficient services. Due to the hectic market pace, cloud security is often overlooked, leading to critical cyber attacks that can result in severe impacts, e.g., massive data leaks. Therefore, training appropriate personnel to secure cloud-native applications against these newly emerging threats is necessary. Currently, among the different cloud security training projects available, no environment is completely safe and gives full legal freedom, since public providers host them and they incur those providers' limitations. The proposed work aims to fill this gap by discussing the implementation of a toolkit that can be used to build a local cyber range that is safe, legally free from cloud providers’ constraints, and able to host vulnerable cloud-native applications to create training scenarios. The toolkit was used to host our vulnerable-by-design cloud-native application. It was subsequently administered to a class of students through a CTF competition to assess its educational potential.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.