Application Security in the Cloud
-
INTRODUCTION
When organizations move applications to the cloud, they increase their security risks. As a cloud security professional, you have to implement more security controls over how data and applications are protected on the cloud. The cloud is a major technology shift, and hence there is an inevitable need to provide it with a strong authentication framework.
This course will show you how to protect your cloud applications from costly security breaches. You will learn to overcome cloud infrastructure security challenges, implement business continuity and disaster recovery planning, and apply a variety of approaches to encrypting your data. You will also learn to perform security testing of the applications hosted on cloud services, and various security solutions to secure your application data on the cloud.
-
COURSE OBJECTIVES
- Tackle security challenges related to cloud applications.
- Manage various cloud delivery and deployment models.
- Secure data on the cloud by mastering business continuity and disaster recovery planning.
- Eliminate the risks associated with cloud infrastructure by performing VAPT.
- Integrate security in software development life cycles.
- Perform security testing of cloud applications using SAST/DAST tools and manual penetration testing.
- Secure your cloud infrastructure using various security solutions such as WAF, DAM, SSL, TLS, and more.
-
COURSE AUDIENCE
This course is made for:
- IT security professionals who are involved with IT architecture security and web application and cloud security.
- Anyone who needs to keep cloud applications secure will benefit from this course.
-
COURSE OUTLINE
Day One
- IT security and secure coding
- Nature of security
- What is risk?
- IT security vs. secure coding
- From vulnerabilities to botnets and cybercrime
Day Two
- Cloud abuse by the attackers
- Insider threats – malicious other tenants
- Problems stemming from virtualization
- Elevation of privilege
- Leakage of sensitive information
- Hard coded secrets
- Exercise – Hard coded passwords
- Intellectual property exposure
- Insecure delegation
Day Three
- Functional testing vs. security testing
- Security vulnerabilities
- Prioritization – risk analysis
- Security testing techniques and tools
Day Four
- DoS introduction
- Economic Denial of Sustainability (EDoS)
- Asymmetric DoS
- Regular expression DoS (ReDoS)
Day Five
- Patch management
- Insecure APIs in the cloud
- Vulnerability repositories
- Vulnerability attributes
- Common Vulnerability Scoring System – CVSS
- Vulnerability management software
- Exercise – checking for vulnerable packages