CCSP Domain 4 Quick Recap/Review| Cloud Application Security| CCSP Full Crash Course | CCSP Training
ฝัง
- เผยแพร่เมื่อ 7 ม.ค. 2022
- Domain 4 Full Course: • CCSP Domain 4 Full Cou...
ISC2 CCSP Free Quiz - www.isc2.org/certifications/q...
Website: cyberplatter.com/
Discord Channel: / discord
ISC2 CCSP Exam Outline: www.isc2.org/Certifications/c...
Domain 4: Cloud Application Security
• 4.1 Advocate Training and Awareness for Application Security
○ Cloud Development Basics
○ Common Pitfalls
○ Common Cloud Vulnerabilities
• 4.2 Describe the Secure Software Development Life Cycle (SDLC) Process
○ Business Requirements
○ Phases and Methodologies
• 4.3 Apply the Secure Software Development Life Cycle (SDLC)
○ Avoid Common Vulnerabilities During Development
○ Threat Modeling
○ Cloud-specific Risks
○ Software Configuration Management and Versioning
○ Quality Assurance
• 4.4 Apply Cloud Software Assurance and Validation
○ Functional Testing
○ Security Testing Methodologies
• 4.5 Use Verified Secure Software
○ Approved Application Programming Interface (API)
○ Supply-chain Management
○ Third Party Software Management
○ Validated Open Source Software
• 4.6 Comprehend the Specifics of Cloud Application Architecture
○ Supplemental Security Components (e.g., Web Application Firewall (WAF), Database Activity Monitoring (DAM), Extensible Markup Language (XML) Firewalls, Application Programming Interface (API) gateway)
○ Cryptography
○ Sandboxing
○ Application Virtualization and Orchestration
• 4.7 Design Appropriate Identity and Access Management (IAM) Solutions
○ Federated Identity
○ Identity Providers
○ Single Sign-On (SSO)
○ Multi-factor Authentication
○ Cloud Access Security Broker (CASB)