Deep dive on Google Cloud Armor where you will learn:
What is Google Cloud Armor
Learn Google Cloud Armor Key Concepts
Security Policies
Rules Language
Preconfigured WAF rules
Named IP address lists
Google Cloud Armor Adaptive Protection
Demo
Deploying OWASP Juice Shop websites on Cloud VM(s)/Load Balancer
Explore vulnerabilities on the website
Configure Cloud Armor and fix vulnerabilities
Fix SQL Injection
Fix Cross Site Scripting (XSS)
Fix Local File Inclusion (LFI)
Fix Directory Listing
Testing
Logging/Monitoring
OWASP Juice Shop Test Setup Script: https://gist.github.com/salimpadela/d875888a83eb5c42ed85a0eaaa31d50d
Rules Language Reference: https://cloud.google.com/armor/docs/rules-language-reference
List of Preconfigured WAF rules: https://cloud.google.com/armor/docs/rule-tuning
OWASP ModSecurity Core Rule Set: https://coreruleset.org/
Chapters:
0:00:00 Introduction to Google Cloud Armor
0:19:11 Demo - Setup OWASP Juice Shop Test Application
0:33:29 Demo - Exploit SQL Injection Vulnerability
0:35:44 Demo - Setup Cloud Armor
0:47:20 Demo - Troubleshooting False Positive Response And Fixing It
0:47:20 Demo - Verify SQL Injection Vulnerability Is Fixed
0:55:09 Demo - Exploit Cross Site Scripting (XSS) Vulnerability
0:55:40 Demo - Fix Cross Site Scripting (XSS) Vulnerability
1:02:31 Demo - Exploit Local File Inclusion (LFI) Vulnerability
1:04:09 Demo - Fix Local File Inclusion (LFI) Vulnerability
1:05:36 Demo - Exploit Directory Listing/Browsing Vulnerability (Request Path)
1:07:03 Demo - Fix Directory Listing/Browsing Vulnerability (Request Path)