Overview
The Cloud Developer learning path includes a variety of security courses that will vary depending on whether you are seeking core, advanced or elite paths. It is designed for those responsible for the design, development, and deployment of cloud applications and provides learners with a clear understanding of how to mitigate cloud computing risks.
Topics covered include:
- “Big Data” and it introduces security challenges
- Cloud computing characteristics, service and deployment models, and regulatory requirements
- Platform-specific secure coding best practices including AWS and/or Azure
- API 210 Mitigating APIs Lack of Resources & Rate Limiting (COMING SOON)
- API 211 Mitigating APIs Broken Object Level Authorization (COMING SOON)
- COD 214 – Creating Secure GO Applications
- COD 241 – Creating Secure Oracle DB Applications
- COD 252 – Securing Google Platform Applications & Data
- COD 253 – Creating Secure AWS Cloud Applications
- COD 254 – Creating Secure Azure Applications
- COD 255 – Creating Secure Code: Web API Foundations
- COD 259 – Node.js Threats & Vulnerabilities
- COD 261 – Threats to Scripts
- COD 267 – Securing Python Microservices
- DES 204 – Role of Cryptography in Application Development
- DES 206 – Meeting Cloud Governance and Compliance Requirements
- DES 207 – Mitigating OWASP API Security Top 10
- DES 208 – Defending Against the CSA Top 11 Threats to Cloud Computing
- DES 209 Authentication and Lifecycle Management (COMING SOON)
- DES 212 – Architecture Risk Analysis & Remediation
- DES 214 – Securing Infrastructure Architecture
- DES 215 – Defending Infrastructure
- DES 216 – Protecting Cloud Infrastructure
- DES 218 – Protecting Microservices, Containers, and Orchestration
- DES 222 – Applying OWASP 2017: Mitigating Injection
- DES 223 – Applying OWASP 2017: Mitigating Broken Authentication
- DES 224 – Applying OWASP 2017: Mitigating Sensitive Data Exposure
- DES 225 – Applying OWASP 2017: Mitigating XML External Entities
- DES 226 – Applying OWASP 2017: Mitigating Broken Access Control
- DES 227 – Applying OWASP 2017: Mitigating Security Misconfiguration
- DES 228 – Applying OWASP 2017: Mitigating Cross Site Scripting (XSS)
- DES 229 – Applying OWASP 2017: Mitigating Insecure Deserialization
- DES 230 – Applying OWASP 2017: Mitigating Use of Components with Known Vulnerabilities
- DES 231 – Applying OWASP 2017: Mitigating Insufficient Logging & Monitoring Vulnerabilities
- DES 232 – Mitigating OWASP 2021 Injection (NEW)
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures (NEW)
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures (NEW)
- DES 235 Mitigating OWASP 2021 Insecure Design (NEW)
- DES 236 Mitigating OWASP 2021 Broken Access Control (NEW)
- DES 237 Mitigating OWASP 2021 Security Misconfiguration (NEW)
- DES 238 Mitigating OWASP 2021 Server-Side Request Forgery (SSRF) (NEW)
- DES 239 Mitigating OWASP 2021 Software and Data Integrity Failures (NEW)
- DES 240 Mitigating OWASP 2021 Vulnerable and Outdated Components (NEW)
- DES 241 Mitigating OWASP 2021 Security Logging and Monitoring Failures (NEW)
- DES 281 – OWASP IoT1: Mitigating Weak, Guessable or Hardcoded Passwords
- DES 282 – OWASP IoT2: Mitigating Insecure Network Services
- DES 283 – OWASP IoT3: Mitigating Insecure Ecosystem Interfaces
- DES 284 – OWASP IoT4: Mitigating Lack of Secure Update Mechanism
- DES 285 – OWASP IoT5: Mitigating Use of Insecure or Outdated Components
- DES 286 – OWASP IoT6: Mitigating Insufficient Privacy Protection
- DES 287 – OWASP IoT7: Mitigating Insecure Data Transfer and Storage
- DES 288 – OWASP IoT8: Mitigating Lack of Device Management
- DES 289 – OWASP IoT9: Mitigating Insecure Default Settings
- DES 290 – OWASP IoT10 Mitigating Lack of Physical Hardening
- DSO 211 – Identifying Threats to Containers in a DevSecOps Framework
- DSO 212 Fundamentals of Zero Trust Security (COMING SOON)
- DSO 253 – DevSecOps in the AWS Cloud
- DSO 254 – DevSecOps in the Azure Cloud
- DSO 256 – DevSecOps in the Google Cloud Platform
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 122 Identifying Insecure APIs (NEW)
- LAB 123 Identifying Vertical Privilege Escalation (NEW)
- LAB 221 Defending C# Against SQL Injection (NEW)
- LAB 223 Defending Node.js Against SQL Injection (NEW)
- LAB 232 Defending C# Against XSS (NEW)
- LAB 233 Defending Node.js Against XSS (NEW)
- LAB 238 Defending Against Weak AES ECB Mode Encryption (C#) (COMING SOON)
- LAB 239 Defending Against Weak PRNG (C#) (COMING SOON)
- LAB 241 Defending C# Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 242 Defending Node.js Against eXternal XML Entity (XXE) Vulnerabilities (NEW)
- LAB 245 Defending Against Plaintext Password Storage (Node.js) (COMING SOON)
- LAB 246 Defending Against Weak AES ECB Mode Encryption (Node.js) (COMING SOON)
- LAB 247 Defending Against Weak PRNG (Node.js) (COMING SOON)
- LAB 248 Defending Against Parameter Tampering (Node.js) (COMING SOON)
- LAB 250 Defending Against Parameter Tampering (C#) (COMING SOON)
- LAB 251 Defending Against Plaintext Password Storage (C#) (COMING SOON)
- DES 311 – Creating Secure Application Architecture
- DES 313 Hardening a Kubernetes Cluster (COMING SOON)
- DSO 301 – Orchestrating Secure System and Service Configuration
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 305 – Automating CI/CD Pipeline Compliance
- DSO 306 – Implementing Infrastructure as Code
- DSO 307 – Secure Secrets Management
- ENG 311 – Attack Surface Analysis & Reduction
- ENG 312 – How to Perform a Security Code Review
Learning Path Details
Number of Courses: 89
Total Duration: 23 hours
Total CPE Credits: 27