Cloud Application Security

After completing the course, the student should be able to do the following: ● List and describe the OWASP Top 10 vulnerabilities. ● Identify methods to provide cloud security assurance as part of the development life cycle, e.g. in a continuous delivery environment. ● List and describe the different types of virtualization or sandboxing used to protect cloud applications at either the server or client. ● Describe the application of authentication factors and federated identity solutions in cloud client and server authentication. ● Given a cloud application, explain where and how the necessary crypto keys, passwords, and other security secrets should be stored and distributed.

• Application Security Risks
• This module introduces the course and reviews OWASP "Top Ten" risks relevant to cloud computing. There are also background videos on packet network operation.
• Architecture and Authentication
• A discussion of server architecture principles and survey of user authentication mechanisms.
• Session Management
• The session mechanism maintains application state across independent, stateless transactions via HTTP or a web API.
• Providers, Crypto, and Scripts
• These videos cover additional topics: provider trust, using provider crypto, and security mechanisms for preventing script-based attacks.