Practical DevSecOps Security Lab
Scenario: Harden vulnerable AWS infrastructure and app dependencies.
- Review `infra/` and identify at least 3 misconfigurations.
- Make S3 private and enable default encryption (SSE-KMS).
- Replace wildcard IAM access with least-privilege access only for app bucket actions.
- Run Snyk on the app, remediate at least one High/Critical issue, and re-run to verify reduction.
- Summarize improvements and add one SOC 2-relevant next control.
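The S3 and IAM tasks above, worked through as an added Terraform example. This is not the repository's own `infra/` code; it only reuses the `app_bucket_name` variable the `terraform plan` command passes, and the resource names (`app`), the KMS key, and the policy name are assumptions. The weak "before" shapes are constructed for comparison and left commented out:

```hcl
variable "app_bucket_name" {
  type = string
}

# --- Weak "before" patterns (constructed for comparison, not part of the lab's infra/) ---
# resource "aws_s3_bucket_acl" "app_public" {
#   bucket = aws_s3_bucket.app.id
#   acl    = "public-read"            # misconfiguration: world-readable objects
# }
# resource "aws_iam_policy" "app_wildcard" {
#   policy = jsonencode({ Version = "2012-10-17", Statement = [{
#     Effect = "Allow", Action = "*", Resource = "*" }] })   # misconfiguration: full-account access
# }

resource "aws_s3_bucket" "app" {
  bucket = var.app_bucket_name
}

# 1. Block every public access path at the bucket level.
resource "aws_s3_bucket_public_access_block" "app" {
  bucket                  = aws_s3_bucket.app.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Disable ACLs entirely so an object ACL cannot re-open access later.
resource "aws_s3_bucket_ownership_controls" "app" {
  bucket = aws_s3_bucket.app.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# 2. Customer-managed KMS key with rotation, used as the bucket's default encryption.
resource "aws_kms_key" "app" {
  description         = "SSE-KMS key for the app bucket (assumed name)"
  enable_key_rotation = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "app" {
  bucket = aws_s3_bucket.app.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.app.arn
    }
    bucket_key_enabled = true # reduces KMS call volume without weakening encryption
  }
}

# 3. Least-privilege policy: only the object and list actions the app needs, on this bucket only.
data "aws_iam_policy_document" "app" {
  statement {
    sid       = "AppObjectAccess"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${aws_s3_bucket.app.arn}/*"]
  }
  statement {
    sid       = "AppListBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.app.arn]
  }
  # SSE-KMS means the app must also be allowed to use the key, but only this key.
  statement {
    sid       = "AppUseBucketKey"
    effect    = "Allow"
    actions   = ["kms:GenerateDataKey", "kms:Decrypt"]
    resources = [aws_kms_key.app.arn]
  }
}

resource "aws_iam_policy" "app" {
  name   = "app-bucket-least-privilege" # assumed name
  policy = data.aws_iam_policy_document.app.json
}
```

Attach `aws_iam_policy.app` to the app's role with an `aws_iam_role_policy_attachment` (role not shown) and confirm with `terraform validate` and `terraform plan` as in the commands below. The KMS statement is the part most often missed when moving to SSE-KMS: without `kms:GenerateDataKey` and `kms:Decrypt` on the bucket key, `PutObject` and `GetObject` start failing with access denied even though the S3 actions themselves are allowed.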
```bash
# App
cd app && npm install && npm start

# Snyk (token required: snyk auth)
cd app
snyk test
snyk code test

# Terraform validation
cd infra
terraform init
terraform validate
terraform plan -var "app_bucket_name=bild-pdm-demo-CHANGE_ME"
```

- AWS S3 hardening lab (public-to-private conversion)
- IAM least-privilege policy design lab
- Snyk dependency vulnerability remediation lab
This repository is for security training and interview practice only. It contains intentionally insecure patterns for learning purposes and must not be used in production without a full security review, hardening, and organizational compliance validation.