The A's, B's, and Four C's of Testing Cloud-Native Applications
Offered By: LASCON via YouTube
Course Description
Overview
Explore the evolving landscape of testing cloud-native applications in this 48-minute LASCON conference talk. Delve into the A's, B's, and Four C's of modern testing methodologies, examining crucial aspects such as Software Bill of Materials (SBOM), Architectural Bill of Materials, and high-level threat modeling concepts. Learn about API testing, component analysis, compute resources, and cloud configuration. Discover how to create effective data flow diagrams, map threats to asset types, and develop comprehensive test plans. Gain insights into reporting strategies, security and risk management practices, and the role of service owners and developers in the testing process. Conclude with a Q&A session addressing additional resources and audience inquiries.
Syllabus
Intro
Dan Cornell
The More Interesting New Days
What Changed?
Software Bill of Materials (SBOM)
Architectural Bill of Materials
High Level Threat Modeling Concepts
Example Data Flow Diagram
Mapping Threats to Asset Types
Code - API Testing
Components
Compute
Cloud Configuration
So What Does This All Look Like?
Reporting
Security/Risk Management
Service Owner/Developer
Test Plan
If You Have More Resources
Questions and Answers
Taught by
LASCON
Related Courses
Target Rich Cyber PoorBSidesLV via YouTube SBOM Challenges and How to Fix Them
BSidesLV via YouTube The Case for Software Bill of Materials
BSidesLV via YouTube Collaborating to Improve Open Source Security - How the Ecosystem Is Stepping Up
RSA Conference via YouTube Software Bill of Materials - Progress toward Transparency of Third-Party Code
RSA Conference via YouTube