After completing the course, the student should be able to do the following:
● Associate lists of OWASP Top Ten Risks with major cloud cybersecurity risks.
● Apply appropriate cryptographic techniques to secure authentication mechanisms and cloud data.
● Identify the most effective strategies for resisting injection attacks, cross-site scripting attacks, and object deserialization attacks.
● Assess strategies to address risks posed by administrative failures, including misconfiguration, broken access control, vulnerable software components, and security monitoring.
Syllabus
- Overview of the Top Ten Risks
  - Introduce the Top Ten Cloud Risks and their relationship to published OWASP Top Ten risk lists. Examine the highest-priority risk: injection attacks.
- Cloud Risks 2, 3, and 4
  - This module reviews risks arising from authentication failures, sensitive data exposure, and availability risks (e.g. flooding).
- Cloud Risks 5, 6, and 7
  - This module reviews risks arising from access control failures, security misconfiguration, and cross-site scripting.
- Cloud Risks 8, 9, and 10
  - This module reviews risks arising from insecure deserialization, flawed software components, and inadequate logging or monitoring.
Taught by
Rick Smith