Cloud Application Security

  1. Advocate Training and Awareness for Application Security
    • Cloud Development Basics
    • Common Pitfalls
    • Common Cloud Vulnerabilities
  2. Describe the Secure Software Development Life Cycle (SDLC) Process
    • Business Requirements
    • Phases and Methodologies
  3. Apply the Secure Software Development Life Cycle (SDLC)
    • Avoid Common Vulnerabilities During Development
    • Cloud-specific Risks
    • Quality Assurance
    • Threat Modeling
    • Software Configuration Management and Versioning
  4. Apply Cloud Software Assurance and Validation
    • Functional Testing
    • Security Testing Methodologies
  5. Use Verified Secure Software
    • Approved Application Programming Interfaces (API)
    • Supply-chain Management
    • Third Party Software Management
    • Validated Open Source Software
  6. Comprehend the Specifics of Cloud Application Architecture
    • Supplemental Security Components (e.g., Web Application Firewall (WAF), Database Activity Monitoring (DAM), Extensible Markup Language (XML) firewalls, Application Programming Interface (API) gateway)
    • Cryptography
    • Sandboxing
    • Application Virtualization and Orchestration
  7. Design Appropriate Identity and Access Management (IAM) Solutions
    • Federated Identity
    • Identity Providers
    • Single Sign-On (SSO)
    • Multi-factor Authentication
    • Cloud Access Security Broker (CASB)