Completed
Additional Attackers
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Threat Modeling Cloud Apps - What You Don't Know Will Hurt You
Automatically move to the next video in the Classroom when playback concludes
- 1 Threat Modeling Cloud Applications - What you Don't Know Will Hurt You
- 2 Agenda Cloud Terminology and Background Threat Modeling Basics
- 3 NIST Cloud Definition Framework
- 4 What is a Threat Model A model of the a software system that depicts
- 5 Threat Modeling - High-level process Diagram the System Structure 2 Idently Assets and Security Controls
- 6 Using S3 Storage Use Case
- 7 Classic Architecture: Primary with DR Site
- 8 Cloud Architecture: Augment DR with AWS
- 9 Threat Modeling - High-level process 1 Diagram the System Structure 2 Identity Assets and Security Controls
- 10 What Does Cloud Do to Our Threat Model?
- 11 To the Cloud - New Application Structure
- 12 Identify the Assets and Security Controls
- 13 AWS Security Control Differences
- 14 EC2 Security Groups An EC2 Security Group is a set of ACCEPT firewall
- 15 Integration with Enterprise Authentication Stand alone application mechanism means that the user store must be provisioned
- 16 Elasticity Drives Change
- 17 Most Common AWS Security Credentials Purpose
- 18 S3 ACLs and Bucket Policies
- 19 Using S3 Drives Design Changes
- 20 Cloud "Doomsday" Scenarios to consider Reprioritized or Changed by Cloud
- 21 Additional Attackers
- 22 Enumeration and Risk Management
- 23 Conclusion