Security is really, really important. This sounds obvious, but it’s worth repeating over and over again. No matter how strongly we emphasize security, we continue to see news stories about breaches and data leaks that affect millions. The fact is that no matter how clever the app or how profitable the website, it can all disappear in a moment if the wrong person gets access to your system.

That’s why we’re launching our AWS Security Basics Quest on Cloud Assessments. Building functional, efficient infrastructure is important, but it needs to be secure. In our new Quest, you’ll test your skills using several fundamental security concepts and services on AWS. Anyone can learn to secure an S3 bucket or enable encryption on an EBS volume, but we’ve designed our Quest to show you exactly why these concepts are so critical and how they apply in the real world.

In this Quest, you’ll follow the story of Travel Salmon, a fictional vacation service that’s finally beginning to grow. But like any growing business, they will face a number of issues related to data security, compliance, and network security along the way. You’ll face real-world scenarios (Challenges) that will allow you to prove your abilities in securing their infrastructure using live AWS environments.

First, you’ll configure the company’s VPC so that different pieces of infrastructure can communicate securely. Next, you’ll be responsible for a number of S3 buckets that serve various functions, ranging from photo hosting to sensitive data storage. Finally, you’ll implement encryption on a variety of services within their systems. By the time you’re finished, you’ll have proven that you have the fundamentals down pat, and you’ll have helped the company grow from a pre-launch startup to a competitive player in the travel industry.

The idea of real-world scenarios like these is key to our learning philosophy. Watching videos and reading blog posts can only take you so far; hands-on learning gives you the experience and confidence you need to be successful when you’re using these systems in production. Not only should you understand how to use these systems, but you should understand why they’re important and how they work together. By solving these problems in the context of a real company, we believe you’ll gain a more solid overall understanding of the core security concepts on AWS.

So how do you get started? If you’re ready to take the challenge and prove your AWS security skills, you can log in to Cloud Assessments and enroll right now!

Alternatively, if you’d like to learn more about the fake company you’ll be working for (and maybe earn some swag in the process), check out the Travel Salmon website. On the site, you’ll see a few of the different ways in which infrastructure security can affect the company, as well as a few Easter eggs hidden throughout. Check it out and let us know in the comments what you find!

About This Author

Phil Zona is an assessment architect for Cloud Assessments. When he's not writing, he enjoys web development, cooking (and eating), and watching videos of animals behaving like humans.

7 thoughts on “Introducing our AWS Security Basics Quest

  1. Hey Phil,

    Nice exercise! It’s good to do something different before wrapping up and going home

    Here’s what I found so far:

    1. The buttons “About Us”, “Photos” and “Contact” expose a plain file with customers’ details: http://travelsalmon.com/customerData.txt

    2. http://travelsalmon.com/login.html page is http, not https which means the data will be transferred plaintext

    3. html pages (index and login) contain all sorts of interesting leftovers, lines 40-66 in login.html and 157-184 in the index.html (I’ll leave decoding the password for later, instead of doing it in my head I better just run it)

    4. Default error page exposing the product used and locations which while not specifically harmful yet doesn’t come from a ‘best practices’ list

    Thanks,
    Pavel

    1. Nice work, Pavel! I think you found all the big issues, but let us know if you’re able to crack the admin password on the login form and we may have something for you 🙂

Post a Reply

Your email address will not be published. Required fields are marked *