Day 5 Challenge — Secure the Cloud Application
Day 5 Challenge — Secure the Cloud Application
You have reached the final part of the course.
During the previous days, you investigated identity, access, networking, data exposure, monitoring, logging, pipelines, API security, compliance, and automation.
In this challenge, you bring everything together in one small project.
Scenario
The cloud application is working, but it is not yet production-ready.
Your task is to review the available course files, inspect the current deployment, identify the most important security issues, and improve the environment step by step.
You may use all labs, Terraform files, application code, pipeline files, KQL queries, documentation, and notes from the previous days.
Challenge
Improve the cloud application so that it is more secure, observable, and manageable.
Focus on practical improvements. Do not try to make everything perfect. Choose the changes that reduce the most risk.
Requirements
Your final solution should include improvements in the following areas.
1. Identity and access
Review the current roles and identities.
Check whether users, managed identities, service principals, or pipeline identities have more access than they need.
Apply least privilege where possible.
2. Network and data security
Review which resources are publicly reachable.
Decide what should stay public and what should become private or restricted.
Check whether sensitive data is protected correctly.
3. Monitoring and logging
Make sure important activity can be investigated.
Use logs, diagnostic settings, Application Insights, Log Analytics, KQL queries, or alerts where useful.
4. DevSecOps
Review the delivery pipeline.
Add or improve useful checks, such as:
- tests
- type checks
- dependency scanning
- SAST
- IaC scanning
- API scanning
Make sure the deployment process is safer than a manual “deploy and hope” workflow.
5. Compliance and governance
Look for simple compliance problems, such as:
- missing tags
- public resources
- weak configuration
- missing diagnostic settings
- overly broad permissions
Where possible, document or automate how these problems should be detected or prevented.
Suggested approach
- Map the current application and infrastructure.
- Identify the most important risks.
- Pick a small number of improvements.
- Apply the changes using the available files.
- Test that the application still works.
- Prove that your security improvements are active.
- Prepare a short final report.
Final deliverables
At the end of the challenge, prepare a short summary with:
- the risks you found
- the changes you made
- the files you changed
- how you tested the result
- what still needs improvement
- what you would automate next in a real environment
Reflection questions
Answer these questions at the end:
- Which issue created the biggest risk?
- Which fix gave the most security value for the least effort?
- Did any security improvement break functionality?
- What would you monitor first in production?
- Which manual check should become automated?
- What would you improve next if you had more time?
Goal
This challenge is not about using every tool.
The goal is to show that you can apply the full security cycle:
inspect
→ understand risk
→ improve
→ verify
→ monitor
→ document
→ automate where useful