This course introduces you to cybersecurity for the cloud. We'll learn and apply classic security techniques to today’s cloud security problems. We start with a deceptively simple and secure web service and address the problems arising as we improve it. We’ll analyze recent cloud security vulnerabilities using standard, systematic techniques. We’ll build our own web service case studies and construct security solutions for them. Our toolkit contains classic security concepts like Least Privilege and Separation of Duty, as well as more technical cryptographic and access control techniques.

This course gives learners an opportunity to explore data security in the cloud. In this course, learners will:* Dive into the data services offered by cloud providers and compare their security features. * Analyze a data breach and trace it back to the vulnerability that made it possible. * Learn about database injection and aggregation attacks. * Follow the life cycle of a data item and its relationship to privacy and integrity. * Associate modern privacy requirements with US and European laws.

After completing the course, the student should be able to do the following:● List and describe the OWASP Top 10 vulnerabilities. ● Identify methods to provide cloud security assurance as part of the development life cycle, e.g. in a continuous delivery environment. ● List and describe the different types of virtualization or sandboxing used to protect cloud applications at either the server or client. ● Describe the application of authentication factors and federated identity solutions in cloud client and server authentication. ● Given a cloud application, explain where and how the necessary crypto keys, passwords, and other security secrets should be stored and distributed.

After completing the course, the student should be able to do the following:● Associate lists of OWASP Top Ten Risks with major cloud cybersecurity risks. ● Apply appropriate cryptographic techniques to secure authentication mechanisms and cloud data. ● Identify the most effective strategies for resisting injection attacks, cross-site scripting attacks, and object deserialization attacks. ● Assess strategies to address risks posed by administrative failures, including misconfiguration, broken access control, vulnerable software components, and security monitoring.