Domain 4: Cloud Application Security
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Domain 4, Cloud Application Security.
00:00
In this lesson, we're going to give
00:00
an overview of the concepts in domain 4.
00:00
Talk about why the concepts around
00:00
application security are so
00:00
important for Cloud security overall,
00:00
and then we're going to connect many of the concepts
00:00
in domain 4 to
00:00
the other domains that we've covered so far.
00:00
Domain 4 focuses on application security.
00:00
At this point in domain 1,
00:00
we covered all of the various Cloud technologies,
00:00
security and operating models, service models.
00:00
In domain 2, we talked about the security of data,
00:00
where it is, how do you
00:00
classify it and how is it best protected.
00:00
In domain 3, we really focused on many of
00:00
the physical app and operational concerns when it
00:00
comes to Cloud infrastructure.
00:00
Now, we're going to rise up
00:00
those service models when we think about
00:00
more platform as a service
00:00
and software as a service to
00:00
focus on secure application development in
00:00
the Cloud and that starts with
00:00
a secure software development life cycle.
00:00
Then, we want to talk about
00:00
really important concepts such
00:00
as identity and access
00:00
management when it comes to applications.
00:00
We've talked about logical access
00:00
and reviewing access in the past.
00:00
But how do we ensure that
00:00
the right people are getting access
00:00
to various applications that
00:00
are being hosted in the Cloud,
00:00
and how do we develop
00:00
appropriate access authentication authorization tools
00:00
when developing applications?
00:00
We're going to talk about many of
00:00
the technologies and softwares that
00:00
are involved in developing secure Cloud applications.
00:00
We're going to talk about the process,
00:00
for how do you really apply
00:00
intelligent security testing to
00:00
applications in the Cloud.
00:00
How do we make sure that applications
00:00
run as well as they can,
00:00
but do so in a secure manner.
00:00
In order to really have valid testing,
00:00
we have to understand all of
00:00
the application security threats that are out there.
00:00
We're going to talk about the OWASP Top 10.
00:00
The most major 10 threats
00:00
that we see to Cloud applications.
00:00
All these things in concert will really give you
00:00
a robust understanding of
00:00
the elements of developing
00:00
secure applications in the Cloud.
00:00
Let's reflect for a moment.
00:00
What Cloud applications are
00:00
you responsible for protecting?
00:00
This is really contingent on
00:00
your service model and your Cloud model,
00:00
but more likely than not,
00:00
you are utilizing many Cloud applications
00:00
and yet to really be mindful that you
00:00
are still the data owner
00:00
and responsible for ensuring that that
00:00
>> data is protected,
00:00
>> even if it is going into a Cloud application.
00:00
If you're in a development environment,
00:00
what are the steps of
00:00
your software development lifecycle?
00:00
Many people who get
00:00
involved in security have a technical background,
00:00
are involved in software development,
00:00
but they may not always think
00:00
about the software development lifecycle
00:00
from a security perspective
00:00
and we're going to get more into that in domain 4.
00:00
Then, how are
00:00
application security threats
00:00
identified at your organization?
00:00
In domain 4, we're going to go through many,
00:00
or at least certain approaches to threat
00:00
modeling when it comes to Cloud applications,
00:00
that will give you a stronger sense
00:00
of how to look at an application
00:00
and think about potential vulnerabilities
00:00
that threat actors may take advantage of,
00:00
when trying to exploit it.
00:00
In summary, we talked about the topics covered in
00:00
domain 4 at Cloud application security.
00:00
We talked about the importance of these concepts.
00:00
This is really an extension
00:00
to a different component of the Cloud.
00:00
One of the benefits of the Cloud is the ability to
00:00
create and spin up development environments.
00:00
Now we want to think about,
00:00
how do we ensure that those environments
00:00
and the application process is done in a secure manner?
00:00
Then we talked about how
00:00
these concepts relate to everything
00:00
we've covered so far in the other modules.
00:00
I hope you're excited to learn about
00:00
Cloud application security,
00:00
and I'll see you in the next lesson.
Up Next
Instructed By
Similar Content
