Google Cloud Armor

No video

Google Cloud Armor - Deep Dive

Рет қаралды 13,131

Күн бұрын

Deep dive on Google Cloud Armor where you will learn:
What is Google Cloud Armor
Learn Google Cloud Armor Key Concepts
Security Policies
Rules Language
Preconfigured WAF rules
Named IP address lists
Google Cloud Armor Adaptive Protection
Demo
Deploying OWASP Juice Shop websites on Cloud VM(s)/Load Balancer
Explore vulnerabilities on the website
Configure Cloud Armor and fix vulnerabilities
Fix SQL Injection
Fix Cross Site Scripting (XSS)
Fix Local File Inclusion (LFI)
Fix Directory Listing
Testing
Logging/Monitoring
OWASP Juice Shop Test Setup Script: gist.github.com/salimpadela/d...
Rules Language Reference: cloud.google.com/armor/docs/r...
List of Preconfigured WAF rules: cloud.google.com/armor/docs/r...
OWASP ModSecurity Core Rule Set: coreruleset.org/
Chapters:
0:00:00 Introduction to Google Cloud Armor
0:19:11 Demo - Setup OWASP Juice Shop Test Application
0:33:29 Demo - Exploit SQL Injection Vulnerability
0:35:44 Demo - Setup Cloud Armor
0:47:20 Demo - Troubleshooting False Positive Response And Fixing It
0:47:20 Demo - Verify SQL Injection Vulnerability Is Fixed
0:55:09 Demo - Exploit Cross Site Scripting (XSS) Vulnerability
0:55:40 Demo - Fix Cross Site Scripting (XSS) Vulnerability
1:02:31 Demo - Exploit Local File Inclusion (LFI) Vulnerability
1:04:09 Demo - Fix Local File Inclusion (LFI) Vulnerability
1:05:36 Demo - Exploit Directory Listing/Browsing Vulnerability (Request Path)
1:07:03 Demo - Fix Directory Listing/Browsing Vulnerability (Request Path)

Пікірлер: 32

@slickray1411 Жыл бұрын

Just started to use Cloud Armor. This video is very helpful and instructive. Thanks

@namdeoamit 14 күн бұрын

Just stared to learn GCP and this video was very good. It covered all the topics in very simple and easy to understand language, thanks for making this helpful and instructive video.

@CloudMonkey 13 күн бұрын

Glad you enjoyed it!

@rfranciscos236 Жыл бұрын

Thank you for the detailed explanation

@CloudMonkey 6 ай бұрын

Glad you liked it!

@GovindraoKatture Жыл бұрын

Awesome...

@govardhananks8815 Жыл бұрын

Nice video for understanding cloud armor

@CloudMonkey Жыл бұрын

Glad you liked it

@amitpawar3859 Жыл бұрын

Nice video and very informative.. Keep up the great work sir.. Thanks

@CloudMonkey Жыл бұрын

Thank you

@user-nf8ux8wy9q 6 ай бұрын

it is helpful.

@amitbajpai3431 6 ай бұрын

Thank you so much for this video

@CloudMonkey 6 ай бұрын

You are so welcome!

@anandnerurkar8482 Жыл бұрын

very good info. thanks for sharing video.

@CloudMonkey 6 ай бұрын

Glad you liked it!

@lovemishti8296 Жыл бұрын

Superb explanation 😊😊

@CloudMonkey 6 ай бұрын

Glad you liked it!

@ChandrashekharVerma-ci3gi Жыл бұрын

Thanks for the video, It's very informative, Looks like in the custom rule language there is no option to match the request body and deny access. If it is available, then I would love to have it on your next video.

@patrickroyce3956 Ай бұрын

Nicely done!! best detailed video I came across

@CloudMonkey Ай бұрын

Glad it was helpful!

@marcpinke9413 5 ай бұрын

Are the WAF rules already turned on just by creating the policy or do you have to assign them by hand in order for the WAT to run them? Love the video!

@NarenderPanwar-dk9vy Жыл бұрын

Very nice explanation. But I am not getting the logs in Policy logs. How do I add the ID now?

@valentinursuleac3933 Жыл бұрын

How to exclude specific URL from inspection?

@AndresLeonRangel 10 ай бұрын

can you go granular on the rules? Too much exclusion cant be good

@JaimohanR Жыл бұрын

is there a way to block .exe files using cloud armor

@nishantmishra73 Жыл бұрын

Hey I am testing cloud armor but im getting some false positive with specific "string" in the POST request. Can I write a specific allow rule to bypass the blocking rule? Eg if "string" is present in the POST request then ALLOW request.

@CloudMonkey Жыл бұрын

I don’t think you can write a rule from scratch. You may want to explore excluding those rules that block like I showed you in the video.