Part 1 - Intro

Video Activity

This lesson offers and introduction to the module which covers Domain 4; Cloud Application Security which covers the following: • Determining data sensitivity • Security responsibilities across models • The software development lifecycle • OWASP Top Ten Vulnerabilities • IAM and Federated Identity Management • Application Security Testing

Join over 3 million cybersecurity professionals advancing their career

Sign up with

or

Already have an account? Sign In »

ISC2 Certified Cloud Security Professional (CCSP)

Course

Time

5 hours 31 minutes

Difficulty

Advanced

CEU/CPE

6

Video Description

This lesson offers and introduction to the module which covers Domain 4; Cloud Application Security which covers the following: • Determining data sensitivity • Security responsibilities across models • The software development lifecycle • OWASP Top Ten Vulnerabilities • IAM and Federated Identity Management • Application Security Testing

Video Transcription

00:04

Okay, let's move on to Chapter four. Domain for module for you'll probably hear you use all of those terms. They all mean the same thing. So with the main four, we have cloud applications, security. And, you know, we've talked about infrastructure. Ah, as a service we talked about platform is the service software as a service,

00:24

and ultimately, many of the things that we're looking to do is make applications.

00:28

Um, tohave our applications hosted in the cloud and did you so in a secure environment. So

00:35

let's talk about some of the ways that we can make our applications more secure. So we start off and we look at determining data sensitivity. Um, how sensitive is the data? What's its value?

00:47

Ah, what are the different security responsibility? So does the security reside with me, the customer or the cloud provider or somewhere in the middle? We'll talk about the software development lifecycle ah, which we always have to consider security, regardless, whether the application's gonna be hosted,

01:03

Then we'll look at something that I consider to be very, very valuable, which is the old lost top 10 list of vulnerabilities.

01:11

So ultimately, ah, the open web application Security project a wasp. Every few years they put out a top 10 list of vulnerabilities, and they make it so you know, they address these vulnerabilities and give some mitigating strategy, so we'll look over those

01:29

and again, that's not necessarily cloud driven. That's universal.

01:33

Ah, we'll also look at identity and access management and Federated Identity Identity Management. And then last but not least, we'll talk about testing our applications for security. So this a good model, very helpful in the realm, off applications security.

Up Next

Part 2 - Determining Data Sensitivity

Part 3 - Who is Responsible for Security in Cloud Models

Part 4 - SDLC in the Cloud

Part 5 - OWASP 1 through 5

Part 6 - OWASP 6 through 10

ISC2 Certified Cloud Security Professional (CCSP)

This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.

Instructed By

Kelly Handerhan

Kelly Handerhan

Senior Instructor