After completing the course, the student should be able to do the following:
● List and describe the OWASP Top 10 vulnerabilities.
● Identify methods to provide cloud security assurance as part of the development life cycle, e.g. in a continuous delivery environment.
● List and describe the different types of virtualization or sandboxing used to protect cloud applications at either the server or client.
● Describe the application of authentication factors and federated identity solutions in cloud client and server authentication.
● Given a cloud application, explain where and how the necessary crypto keys, passwords, and other security secrets should be stored and distributed.
Syllabus
- Application Security Risks
  - This module introduces the course and reviews OWASP "Top Ten" risks relevant to cloud computing. There are also background videos on packet network operation.
- Architecture and Authentication
  - A discussion of server architecture principles and a survey of user authentication mechanisms.
- Session Management
  - The session mechanism maintains application state across independent, stateless transactions via HTTP or a web API.
- Providers, Crypto, and Scripts
  - These videos cover additional topics: provider trust, using provider crypto, and security mechanisms for preventing script-based attacks.
Taught by
Rick Smith