Azure Application Security Lab (CAWASP)
Azure Application Security Lab Objectives:
Applications are vital components of an enterprise. Hence application security also becomes an integral part of the enterprise network that helps prevent security vulnerabilities against various threats. Currently, most enterprises are leveraging Cloud services to deploy/host their applications. So, it is equally important to secure those applications. The attack surface for the applications deployed/hosted in the cloud changes drastically and varies between cloud service providers.
Azure is a cloud service provider that offers multiple cloud services that are very popular in enterprise environments. In this course, we will explore and learn about various enterprise application services offered by Azure like App Service, Function Apps, Enterprise Applications, API Management, Cosmos DB, SQL Server etc.
This hands-on class covers abusing application flaws/misconfiguration, features, and interoperability to compromise an enterprise-like live lab environment. Each student gets a dedicated lab! As a bonus, there is a shared lab to practice with fellow students. The class also covers security controls useful in defending against the discussed attacks.
Are you an Application Security professional, Developer, or Cloud Security professional who wants to level up your skills in securing and assessing modern applications hosted in Azure? Then this course has something for everyone to learn and improve by practicing in the lab environment. The course will focus on methodology and techniques through instructor demos, exercises, and hands-on labs.
What's Included

- Access to two lab environments (one, two or three months) in a live Azure environment. Labs can be accessed using a web browser or VPN. One of the labs is a dedicated lab with focused challenges. The second lab is a shared enterprise-like environment.
- A ready-to-use student VM in the cloud that has all the tools pre-installed.
- Lifetime access to all the learning material (including course updates).
- 17+ hours of video course.
- Course slides.
- Lab manual.
- Walk-through videos.
- One exam attempt for Certified Azure Web Application Security Professional (CAWASP) certification.
- Support on email and Discord.
What will you Learn?
The Azure Application Security course will enable you to:
- Improve your skills by exploiting vulnerabilities like RCE, Blind RCE, SSTI, LFI and many more in modern web applications hosted in our live Azure lab.
- Learn to bypass defenses like Conditional Access by abusing MS Graph API and evading Azure WAF.
- Understand and abuse App Registrations & Enterprise Apps in a live Azure lab.
- Execute attacks against modern cloud native database services like Cosmos DB.
- Learn about various Authentication & Authorization methods, Access Control methods supported by Azure and its services.
- Practice and execute attacks against services used to develop and deploy applications in Azure.
- Understand how the applications are deployed by leveraging App Service and Function Apps service offered by Azure and explore supported configuration options.
- Execute attacks against misconfigured services.
- Execute attacks against services that store sensitive information or data in the cloud. Understand how to manage access to those services and explore ways to gain access to that data.
- Learn and explore services like Azure WAF, Conditional Access, MDCA, CASB, MDC that help the enterprise protect against attacks on Identities, Applications, Azure tenants, etc.
Prerequisites for the course
- Basic understanding of Azure and Entra ID is desired but not mandatory.
- Basic understanding of Cloud Security is desired but not mandatory.
What will you Learn?
29 Learning Objectives, 72 Tasks > 115 hours of learning
Module I: - Introduction
- Learn about Azure services & Azure AD components.
- Gain understanding about the Service Models supported by Azure & Azure Architecture.
- Learn the process of discovering & enumerating Azure & Azure AD resources.
- Learn about the access control mechanism supported by Azure for granting privileges to the end users.
Module II: - Applications (App Services, APIs)
- Understand the application services that are offered by Azure.
- Gain deep understanding about App Service and its environment.
- Understand how to deploy code in App Service and learn about the various configuration options that can be applied to any application leveraging App Service.
- Understand the management portal of App Service.
- Learn how to exploit web application vulnerabilities and extract information from the applications hosted on App Service.
- Learn about the various REST API endpoints that are offered by Azure for managing various services.
Module III: - Authentication & Authorization
- Deep dive into OAuth, Authentication and Authorization process.
- Gain understanding about JWT tokens and the types of tokens that are supported by Azure like ID Token, Access Token, Refresh Token.
- Understand Managed Identity and the process to enumerate it and request access tokens.
Module IV: - Azure WAF
- Learn about Web Application Firewall.
- Learn about the services such as Application Gateway, Front Door and CDN that are offered by Azure and support WAF.
- Understand the process that can be followed to bypass WAF.
Module V: - App Registrations, Enterprise Apps & Conditional Access Policy
- Learn and explore App Registration and Enterprise App components offered by Azure AD.
- Understand how Illicit Consent Grant Attacks work and learn to write a simple function app that can allow us to capture the token information and save the same in table storage.
- Learn about Microsoft Graph API and ways to abuse misconfigured permissions.
- Learn about Conditional Access Policies and how they can help in restricting users from gaining access to resources.
Module VI: - Function Apps
- Understand what Function Apps are, how they are deployed in Azure and what functionality they provide.
- Gain understanding of the stateful Function App feature known as Durable Function Apps.
- Learn how to exploit vulnerabilities in Function Apps and extract information.
- Learn ways to read the source code or create a new function in the Function App by leveraging the Master Key.
Module VII: - Key Vaults
- Learn and understand Key Vaults and their REST API endpoints.
- Understand the access control methods that Key Vault supports.
- Understand the need for recovery policies.
- Learn how to leverage various RBAC roles and Key Vault access policies to extract secrets and decrypt encrypted values.
Module VIII: - Storage Accounts
- Learn and understand Storage Accounts and the types of storage services.
- Understand the various access control methods such as AAD User, Shared Key, Shared Access Signature and Connection String.
- Learn how to leverage various options to gain access to the Storage account.
Module IX: - Databases
- Learn about various Database services offered by Azure such as Cosmos DB, Azure SQL, PostgreSQL, MySQL/MariaDB.
- Understand the benefits of using specific Database services.
- Understand the ways to gain access to a Cosmos DB account and extract information.
Module X: - Application Proxy & Azure API Management
- Learn about Application Proxy and its Components.
- Understand the authentication workflow of the Application Proxy.
- Learn about the Azure API Management service and understand how it can help protect and restrict APIs.
Module XI: - Microsoft Defender for Cloud & Microsoft Defender for Cloud Apps
- Gain understanding of Microsoft Defender for Cloud Apps solution, Architecture and features.
- Gain an understanding of what Microsoft Defender for Cloud is and how it can help secure the infrastructure.
- Learn about the various alerts that can be triggered when it is integrated with App Service.
Module XII: - Defense
- Learn about the approach that can be followed to secure/protect various resources hosted in Azure.
Certification
Certified Azure Web Application Security Professional (CAWASP)
The CAWASP is a completely hands-on certification. The student must solve the exam lab that consists of realistic challenges deployed in Azure to earn the certification. The students will have 24 hours to solve the complete exam lab.
To keep the certificate updated with changing skills and technologies, there is an expiry time of three years for it.

In case you must retake the exam, a re-attempt fee of $99 is applicable. There is a cool down period of one month before a student can appear for the exam again. The student will get an exam environment from the pool of our different exam labs. After a total of 3 attempts (1 included with the lab and two additional attempts), a student must wait for a cool down period of 6 months.
Certificate Expiry and Renewal
The renewal exam is FREE before the certificate expires. CAWASP can also be renewed by taking
Exam Structure
The students get access to a dedicated exam lab for 24 hours that is deployed in Azure. The students will have to compromise all the applications and resources present in the exam lab to earn the certification.
At the end of the exam, students need to submit a report detailing solutions to challenges along with proof of completion.
Certificate Benefits
A Certified Azure Web Application Security Professional (CAWASP) demonstrates hands-on knowledge of application security in Azure.
A certification holder would have practical knowledge of doing security assessments of various web application technologies on Azure (like Enterprise Apps, App Services, Functions, OAuth Permissions, API Security, Storage Accounts, Key Vaults, Databases etc.) and understanding of security controls (WAF, MDCA, MDC, Conditional Access etc.) that could be used for defense.