Securing Applications with NGINX

Securing Applications with NGINX

Summary

Securing Applications with NGINX is an 8-hour course for individuals who want a deep understanding of NGINX and NGINX Plus's security features.

Description

In Securing Applications with NGINX students identify and administer client-side and upstream encryption (SSL/TLS), configure access control (limit rates, blacklisting/whitelisting), setup authentication (basic auth, OAuth 2.0), and tune the NGINX proxy to have reliable, persistent, fast, secure connections. The second half of the course explores using NGINX Plus to secure API traffic, authenticate users with OpenID Connect, and blocking malicious traffic with the ModSecurity 3.0 WAF dynamic module

Duration

2 Days

Objectives

  • Gain knowledge of core NGINX security directives
  • Correctly authenticate/sign APIs using NGINX Plus
  • Combine technologies to achieve SSO
  • Install and configure ModSecurity 3.0 WAF
  • Understand the benefits and limitations of OWASP

Audience

Securing Applications with NGINX is intended for NGINX developers, DevOps, and administrators who want to make sure their solutions are a secure as they can be.

Prerequisites

People enrolling in Securing Applications with NGINX should have completed NGINX Core, or have commensurate experience.

Outline

    • Part 1: NGINX Plus Security Best Practices
      • Encryption
      • Lab 1: Set up an HTTPS Server
      • Lab 2: Set up End to End Encryption
      • Access Control
      • Lab 3: Setup Limit Rate + Logging
      • Lab 4: Setup Dashboard and Dynamic Blacklisting
      • Authentication
      • Lab 5: Setup basic_auth
      • Security Tips
      • Lab 6: Persistent Fast SSL
    • Part 2: Enterprise Security
      • Securing API Traffic
      • Lab 7: Setup API Authentication
      • Authorization Protocols
      • Single Sign On
      • Lab 8: Setup SSO using OpenID Connect
      • WAF
      • Lab 9: Install the WAF
      • Lab 10: Configure and Test the WAF
      • OWASP Core Rule Set
      • Lab 11: Enable and Test CRS

Upcoming Classes

Online

Instructor-led online training

Location Jul 2018 Aug 2018 Sep 2018 Oct 2018 Nov 2018
Online Jul 31 – Aug 1
Sep 11 – Sep 12

Classes in bold are guaranteed to run!

Onsite Training

For groups of three or more

Request Quote

Public Training

Online


Don't see a date that works for you?

Request Class