
Threat Modeling Cloud Apps - What You Don't Know Will Hurt You

LASCON via YouTube

Overview

Explore threat modeling for cloud applications in this 45-minute LASCON conference talk. Learn essential cloud terminology, threat modeling basics, and the NIST Cloud Definition Framework. Discover how to create effective threat models for cloud systems, including diagramming system structure and identifying assets and security controls. Examine the impact of cloud architecture on traditional threat models, focusing on AWS services like EC2 and S3. Investigate security considerations such as EC2 Security Groups, enterprise authentication integration, and S3 ACLs and Bucket Policies. Address cloud-specific "doomsday" scenarios, reprioritized threats, and additional attacker profiles. Gain insights into enumeration and risk management techniques for cloud environments, equipping yourself with the knowledge to protect cloud applications from potential threats.

Syllabus

Threat Modeling Cloud Applications - What you Don't Know Will Hurt You
Agenda Cloud Terminology and Background Threat Modeling Basics
NIST Cloud Definition Framework
What is a Threat Model A model of a software system that depicts
Threat Modeling - High-level process 1 Diagram the System Structure 2 Identify Assets and Security Controls
Using S3 Storage Use Case
Classic Architecture: Primary with DR Site
Cloud Architecture: Augment DR with AWS
Threat Modeling - High-level process 1 Diagram the System Structure 2 Identify Assets and Security Controls
What Does Cloud Do to Our Threat Model?
To the Cloud - New Application Structure
Identify the Assets and Security Controls
AWS Security Control Differences
EC2 Security Groups An EC2 Security Group is a set of ACCEPT firewall
Integration with Enterprise Authentication Stand alone application mechanism means that the user store must be provisioned
Elasticity Drives Change
Most Common AWS Security Credentials Purpose
S3 ACLs and Bucket Policies
Using S3 Drives Design Changes
Cloud "Doomsday" Scenarios to consider Reprioritized or Changed by Cloud
Additional Attackers
Enumeration and Risk Management
Conclusion

Taught by

LASCON
