After completing the course, the student should be able to do the following:
● List and describe the OWASP Top 10 vulnerabilities.
● Identify methods to provide cloud security assurance as part of the development life cycle, e.g. in a continuous delivery environment.
● List and describe the different types of virtualization or sandboxing used to protect cloud applications at either the server or the client.
● Describe the application of authentication factors and federated identity solutions in cloud client and server authentication.
● Given a cloud application, explain where and how the necessary crypto keys, passwords, and other security secrets should be stored and distributed.
Application Security Risks
This module introduces the course and reviews OWASP "Top Ten" risks relevant to cloud computing. There are also background videos on packet network operation.
Architecture and Authentication
A discussion of server architecture principles and a survey of user authentication mechanisms.
The session mechanism maintains application state across independent, stateless transactions via HTTP or a web API.
Providers, Crypto, and Scripts
These videos cover additional topics: provider trust, using provider crypto, and security mechanisms for preventing script-based attacks.