Cloud Application Security



Overview/Description
In a developing landscape where end-user applications are moving to cloud-hosted infrastructure, the traditional application development life cycle is being redefined. The application design process must be security-aware and must protect cloud-hosted applications and data from a growing number of attack vectors. This course covers various aspects of cloud computing relating to the security of cloud-based application software and its supporting hardware and services. It outlines application security and access, including designing in security, peripheral security components, and securing access to services and hosted applications. The course covers the essential topics for the Domain 4 requirements of the (ISC)² Certified Cloud Security Professional examination.

Target Audience
This course is intended for IT professionals including managers, engineers, and technical staff intending to take the CCSP examination.

Prerequisites
None

Expected Duration (hours)
2.2

Lesson Objectives

Cloud Application Security

  • start the course
  • describe awareness and required training to develop an understanding of security focus areas relating to cloud applications
  • describe common issues relating to the development of cloud-based applications
  • describe common security issues relating to cloud-hosted applications. Define the importance of foreknowledge regarding cloud application vulnerabilities and OWASP research
  • describe the application development life cycle with reference to cloud security
  • define functional testing as it relates to cloud-based application software
  • describe application testing with reference to cloud security. Describe SAST, DAST, and penetration testing methodologies
  • outline the deployment of verified and approved APIs
  • describe the significance of surfacing the supply chain with reference to cloud-hosted application software
  • define the mechanics, phases, and methodologies associated with application development
  • define how business requirements impact application development and the application throughout its lifetime
  • describe requirements and best practices for application configuration and version management
  • define known threats and security issues that must be considered when developing cloud-hosted applications
  • define cloud-specific risks, and assimilate them to mitigate threats within the design and during the operational phases of cloud-hosted applications
  • define how to analyze security threats and risks to an application
  • describe associated hardware/software components related to the security of cloud applications
  • define security protocols and measures associated with application data and data packet protection
  • describe isolation and sandboxing as it applies to cloud-hosted applications
  • describe the virtualization technology associated with cloud-hosted applications
  • describe Federated Identity and its deployment for cloud-hosted application authorization and access
  • define Single Sign-On/Off and its place within the cloud service security framework
  • describe and deploy Multifactor Authentication within a cloud service security framework
  • describe the phases of NIST's SDLC and define the difference between SDLF and S-SDLC

Course Number
cl_csip_a04_it_enus

Expertise Level
Intermediate