• Online, Self-Paced
Course Description

As end-user applications move to cloud-hosted infrastructure, the traditional application development design life cycle is being redefined. The application design process must be security-aware and must protect cloud-hosted applications and data from an increasing density of attack vectors. This course covers aspects of cloud computing that relate to the security of cloud-based application software and its supporting hardware and services. It outlines application security and access, including designing in security, peripheral security components, and securing access to services and hosted applications. The course covers the essential topics for the ISC2's Certified Cloud Security Professional examination – Domain 4 requirements.

Learning Objectives

Cloud Application Security Awareness

  • describe awareness and required training to develop an understanding of security focus areas relating to cloud applications
  • describe common issues relating to the development of cloud-based applications
  • describe common security issues relating to cloud-hosted applications
  • define the importance of foreknowledge regarding cloud application vulnerabilities and OWASP research

 

Cloud Application Validation

  • describe the application development life cycle with reference to cloud security
  • define functional testing as it relates to cloud-based application software
  • describe application testing with reference to cloud security
  • describe SAST, DAST, and penetration testing methodologies

 

Utilizing Verified Software

  • outline the deployment of verified and approved APIs
  • describe the significance of surfacing the supply chain with reference to cloud-hosted application software

 

Software Development Life Cycle

  • define the mechanics, phases, and methodologies associated with application development
  • define how business requirements impact application development and the application throughout its lifetime
  • describe requirements and best practices for application configuration and version management

 

Application Development Security

  • define known threats and security issues that must be considered when developing cloud-hosted applications
  • define cloud-specific risks, and assimilate them to mitigate threats within the design and during the operational phases of cloud-hosted applications
  • define how to analyze security threats and risks to an application

 

Cloud Application Architecture

  • describe associated hardware/software components related to the security of cloud applications
  • define security protocols and measures associated with application data and data packet protection
  • describe isolation and sandboxing as they apply to cloud-hosted applications
  • describe the virtualization technology associated with cloud-hosted applications

 

Identity and Access Solutions

  • describe Federated Identity and its deployment for cloud-hosted application authorization and access
  • define Single Sign-On/Off and its place within the cloud service security framework
  • describe and deploy Multifactor Authentication within a cloud service security framework

 

Practice: Cloud Application Security

  • describe the phases of NIST's SDLC and define the difference between SDLC and S-SDLC

 

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.