Threat Modeling Cloud Apps - What You Don't Know Will Hurt You

Offered By: LASCON via YouTube

Course Description

Overview

Explore threat modeling for cloud applications in this 45-minute LASCON conference talk. Learn essential cloud terminology, threat modeling basics, and the NIST Cloud Definition Framework. Discover how to create effective threat models for cloud systems, including diagramming system structure and identifying assets and security controls. Examine the impact of cloud architecture on traditional threat models, focusing on AWS services like EC2 and S3. Investigate security considerations such as EC2 Security Groups, enterprise authentication integration, and S3 ACLs and Bucket Policies. Address cloud-specific "doomsday" scenarios, reprioritized threats, and additional attacker profiles. Gain insights into enumeration and risk management techniques for cloud environments, equipping yourself with the knowledge to protect cloud applications from potential threats.

Syllabus

Threat Modeling Cloud Applications - What You Don't Know Will Hurt You
Agenda: Cloud Terminology and Background, Threat Modeling Basics
NIST Cloud Definition Framework
What is a Threat Model: A model of a software system that depicts
Threat Modeling - High-level process: 1 Diagram the System Structure 2 Identify Assets and Security Controls
Using S3 Storage Use Case
Classic Architecture: Primary with DR Site
Cloud Architecture: Augment DR with AWS
Threat Modeling - High-level process: 1 Diagram the System Structure 2 Identify Assets and Security Controls
What Does Cloud Do to Our Threat Model?
To the Cloud - New Application Structure
Identify the Assets and Security Controls
AWS Security Control Differences
EC2 Security Groups: An EC2 Security Group is a set of ACCEPT firewall
Integration with Enterprise Authentication: Standalone application mechanism means that the user store must be provisioned
Elasticity Drives Change
Most Common AWS Security Credentials Purpose
S3 ACLs and Bucket Policies
Using S3 Drives Design Changes
Cloud "Doomsday" Scenarios to Consider: Reprioritized or Changed by Cloud
Additional Attackers
Enumeration and Risk Management
Conclusion


Taught by

LASCON
