Cloud Application Security
Goals
- Evaluate cloud data storage architectures.
- Analyze data security strategies.
- Evaluate data discovery and classification technologies.
- Evaluate relevant jurisdictional data protections for personally identifiable information (PII).
- Evaluate data rights management.
- Analyze data retention, deletion, and archiving policies.
- Analyze auditability, traceability, and accountability of data events.
- Examine the need for training and awareness in application security.
- Outline cloud software assurance and validation.
- Outline the software development life cycle (SDLC) process.
- Examine the specifics of cloud application architecture.
- Outline appropriate identity and access management (IAM) solutions.
- Manage the physical infrastructure for the cloud environment.
- Manage the logical infrastructure for the cloud environment.
- Outline compliance requirements with regulations and controls.
- Apply risk assessment to the logical and physical infrastructure.
- Analyze the collection, acquisition, and preservation of digital evidence.
Developing Software in the Cloud
- Continuous Integration/Continuous Delivery (CI/CD)
- Common Cloud Application Deployment Pitfalls
- Cloud Application Architecture
Cloud-Secure Software Development Lifecycle
- Software Development Life Cycle (SDLC)
- Secure Software Development Life Cycle (SSDLC)
- Waterfall Methodology
- Agile Methodology
- Secure Coding for Cloud
- Configuration Management and Versioning for the SDLC
- Software Bill of Materials (SBOM)
- Version Control
- Configuration Management
Cloud Application Assurance and Validation
- Threat Modeling
- Cloud Application Threats
- Injection Attack
- Broken Authentication
- Cross-Site Scripting (XSS)
- Insecure Direct Object Reference (IDOR)
- Security Misconfiguration
- Sensitive Data Exposure
- Broken Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Quality Assurance (QA)
- Supply Chain Management
- Software Licensing
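Two of the threats listed under Cloud Application Threats (Injection Attack, and Insecure Direct Object Reference as a case of Broken Access Control) are easiest to understand side by side in code. The block below is an added example, not material from the course outline: it builds a constructed in-memory SQLite table of invoices, then shows a handler that concatenates an untrusted id into SQL and performs no ownership check beside a hardened handler that parameterises the query and scopes it to the caller. The `invoices` table, the users `alice` and `bob`, and the function names are all assumptions made for this illustration.

```python
"""Added example (not from the course outline): injection and IDOR in one
request handler, vulnerable form beside hardened form.

The schema, rows and user names below are constructed sample data."""
import sqlite3


def build_db():
    """Constructed sample data: two users, each owning one invoice."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, total INTEGER)"
    )
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120), (2, "bob", 999)],
    )
    return conn


def get_invoice_vulnerable(conn, invoice_id):
    """Vulnerable handler (deliberately so, to match the threat list).

    Injection: the caller-supplied id is pasted into the SQL text, so a
    value such as "1 OR 1=1" changes the query's logic.
    IDOR: the query never asks who is calling, so any valid id returns
    another user's invoice.
    """
    sql = "SELECT id, owner, total FROM invoices WHERE id = " + str(invoice_id)
    return conn.execute(sql).fetchall()


def get_invoice_hardened(conn, caller, invoice_id):
    """Hardened handler.

    The id is coerced to an integer before use, the query is parameterised
    so user input can never reach the SQL parser as code, and ownership is
    part of the WHERE clause, so an id that exists but belongs to someone
    else is indistinguishable from one that does not exist.
    """
    try:
        invoice_id = int(invoice_id)
    except (TypeError, ValueError):
        return None
    return conn.execute(
        "SELECT id, owner, total FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, caller),
    ).fetchone()


if __name__ == "__main__":
    db = build_db()
    # Injection: the vulnerable path returns every row for a crafted id.
    print("vulnerable, crafted id:", get_invoice_vulnerable(db, "1 OR 1=1"))
    # IDOR: alice reads bob's invoice simply by guessing the next id.
    print("vulnerable, foreign id:", get_invoice_vulnerable(db, 2))
    # Hardened: the crafted id is rejected and the foreign id yields nothing.
    print("hardened, crafted id:", get_invoice_hardened(db, "alice", "1 OR 1=1"))
    print("hardened, foreign id:", get_invoice_hardened(db, "alice", 2))
    print("hardened, own id:", get_invoice_hardened(db, "alice", 1))
```

The ownership condition lives inside the query rather than in a separate check after the fetch, so there is no window in which the foreign row has already been loaded and could leak through a logging or error path; the integer coercion is defence in depth, since the parameter binding alone already prevents the injection.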