Overview/Description
In a developing landscape where end-user applications are moving to cloud-hosted infrastructure, the traditional application development design life cycle is redefined. The application design process must be security-aware and must protect cloud-hosted applications and data from an increasing density of attack vectors. This course covers various aspects of cloud computing relating to the security of cloud-based application software and supporting hardware and services. The course outlines various aspects of application security and access, including designing in security, peripheral security components, and securing access to services and hosted applications. The course covers the essential topics for the (ISC)² Certified Cloud Security Professional examination – Domain 4 requirements.
Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.
describe awareness and required training to develop an understanding of security focus areas relating to cloud applications
describe common issues relating to the development of cloud-based applications
describe common security issues relating to cloud-hosted applications. Define the importance of foreknowledge regarding cloud application vulnerabilities and OWASP research
describe the application development life cycle with reference to cloud security
define functional testing as it relates to cloud-based application software
describe application testing with reference to cloud security. Describe SAST, DAST, and penetration testing methodologies
outline the deployment of verified and approved APIs
describe the significance of surfacing the supply chain with reference to cloud-hosted application software
define the mechanics, phases, and methodologies associated with application development
define how business requirements impact application development and continue to do so throughout the application lifetime
describe requirements and best practices for application configuration and version management
define known threats and security issues that must be considered when developing cloud-hosted applications
define cloud-specific risks, and assimilate them to mitigate threats within the design and during the operational phases of cloud-hosted applications
define how to analyze security threats and risks to an application
describe associated hardware/software components related to the security of cloud applications
define security protocols and measures associated with application data and data packet protection
describe isolation and sandboxing as it applies to cloud-hosted applications
describe the virtualization technology associated with cloud-hosted applications
describe Federated Identity and its deployment for cloud-hosted application authorization and access
define Single Sign-On/Off and its place within the cloud service security framework
describe and deploy Multifactor Authentication within a cloud service security framework
describe the phases of NIST's SDLC and define the difference between SDLC and S-SDLC