Overview
-
Learn the core concepts of cloud application security as you prepare for the fourth domain of the Certified Cloud Security Professional (CCSP) exam.
Syllabus
-
Introduction
- Securing cloud applications
- What you need To know
- Study resources
- Development methodologies
- Secure software development life cycle (SDLC)
- Maturity models
- Operation, maintenance, and change management
- DevOps
- SOA and microservices
- Common cloud vulnerabilities
- Application security
- Preventing SQL injection
- Understanding cross-site scripting
- Request forgery
- Directory traversal
- Overflow attacks
- Cookies and attachments
- Session hijacking
- Code execution attacks
- Privilege escalation
- Secure coding guidance
- Input validation
- Parameterized queries
- Authentication and session management issues
- Output encoding
- Error and exception handling
- Code signing
- Database security
- Identifying threats
- Risk analysis and mitigation
- Threat modeling
- Code review
- Software testing
- Code security tests
- Abuse case testing
- Fuzz testing
- Code repositories
- Application management
- Third party code
- Acquired software
- Developer training and awareness
- Building secure cloud solutions
- Web application firewalls
- Database security controls
- Continuing your CCSP certification journey
