Exam preparation – This domain is in alignment with the August 2022 exam outline
In this course we walk through all of the critical concepts within the Cloud Application Security domain. This domain is 17% of the test as of August 2022. I will guide you through all of the concepts that you need to know and advise you on the level of knowledge that you need to get comfortable with.
What you’ll learn
- Understand what (ISC)2 expects you to know about the Cloud Applications Security domain..
- Comprehend.
- Explain.
- Understand.
Course Content
- Introduction –> 15 lectures • 1hr 34min.
- Cryptography Basics –> 10 lectures • 45min.
- Identity and Access Management –> 4 lectures • 27min.
Requirements
In this course we walk through all of the critical concepts within the Cloud Application Security domain. This domain is 17% of the test as of August 2022. I will guide you through all of the concepts that you need to know and advise you on the level of knowledge that you need to get comfortable with.
There are over two and a half hours of video content plus course notes based on information from my book: Cloud Guardians.
We will explore the software development lifecycle (SDLC), to include the phases and the methodologies for moving through those phases.
It is important to know the risks to applications including any that are cloud specific. We will talk about SQL injections and buffer overflows and the like. The more that you know of these threats from the Pandemic 11 to OWASP and the SANS Top 20 the better prepared you will be for the exam.
Threat modeling techniques are also key. We will look at STRIDE and DREAD and a couple of others.
Testing application is very critical. This is our most common attack point these days. We will talk about closed box and open box testing as well as DAST, SAST and IAST.
There is also a great need to take care with the supply chain involved in creating software today. We have learned from recent attacks that the supply chain can be compromised.
We finish with discussion about maturity models and data rights management/information rights management and maturity models.