Defending Cloud-Based Applications
Course Learning Objectives
- Describe what cloud computing is and its advantages.
- Discover what are the common cloud delivery and deployment models.
- Learn about the attack vectors associated with cloud computing.
- Differentiate between various attacks that could be targeting your cloud application.
- Apply security design principles when developing cloud-based applications.
- Utilize sound cloud security testing techniques.
- Recognize the security risks and concerns with adopting to cloud computing.
This course aims to teach you about common security concerns surrounding cloud-based applications and to some extent, cloud providers. You will also learn about best practices and security concepts involved when creating applications for the cloud, all the way from requirements to deployment.
Cloud application developers
Tailored learning - 60 minutes total
- Cloud Computing Fundamentals
- What is cloud computing?
- Why cloud?
- Cloud delivery models
- Cloud deployment models
- Barriers to cloud adoption
- Characteristics of cloud-based applications
- Security concerns
- Security Objectives
- Cloud security objective
- Cloud attack vectors
- Insecure APIs
- Shared technology
- Cloud service providers
- Cloud users
- Attacks associated with cloud-based applications
- Availability based attacks
- Data security based attacks
- Network security based attacks
- Identity management based attacks
- Security ObjectivesSecure SDLC
- Cloud application security requirements
- Authentication and identification
- Cloud security design principles
- Secure development practices
- Choosing a language
- Coding practices
- Managing user input
- Handling data
- Cloud application security testing
- Security test plan
- Security testing techniques
- Cloud application secure deployment
- Security ObjectivesSecurity Concerns and Challenges
- Standards and compliance
- Cloud standards working group
- Case study: Google apps
- Privacy compliance
- Access control and identity management
- Enterprise identity provider
- Identity management-as-a-service
- Encryption and key management
- Software-based protections
- VM architecture
- + Expand Course Outline