Course Description
Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic cloud environments – internal and external. They are intended to deliver the application management objectives of continuous integration (CI) and continuous delivery (CD), which by their nature involve rapid development that can result in expediency at the potential expense of security and quality. In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity control points, safeguards and audit procedures for today’s cloud-native applications.
Learning Objectives
- Identify and assess CyberSecurity control points and software building blocks in a cloud-native application architecture
- Understand the risks and causes associated with different types of CyberAttacks on cloud-native and other web-oriented applications
- Evaluate different methods of CyberSecurity testing of web applications throughout the cloud-native related Development Life Cycles (SDLCs)
- Gain familiarity with industry best practices for secure cloud-native application design, testing, and operation
Course Outline
Cloud-Native Application Audit Planning
- CyberSecurity risks to business applications
- Distributed computing models—legacy and beyond compared
- Defining the cloud-native landscape
- Developing a cloud-native application audit game plan
Identifying and Auditing the Modern Cloud-Native Application Environment
- Cloud computing
- Containers and orchestration
- Microservices
- Application programming interfaces (APIs)
- Service meshes
- Message queuing (MQ)
- Serverless computing
- Documenting and analyzing distributed web applications
Auditing Secure Design and Testing of Cloud-Native Applications
- Cloud-native application software development lifecycles (Agile, DevOps, DevSecOps)
- Common application software risks, attacks, and countermeasures
- Open Source Software (OSS) risks and controls
- Content Management Systems (CMS) and Shadow IT risks and controls
- CyberSecurity in software design and testing throughout the SDLC, including operations and ongoing support
Summary Wrap-up
- Cloud-native application audit checklist
- Sources of information, checklists, and tools
Additional Information
Who Should Attend
- IT Auditors
- Information Security Managers, Analysts, and Architects
- IT Management, IT Architects
- Web Site Administrators, System Administrators
- Application Architects, Developers and Analysts
- Consultants
Learning Level
Intermediate
Delivery
Group-Live
Field
Auditing
Recommended Prerequisites
Auditing IT Application Systems or equivalent training. A basic understanding of IT audit controls and terminology is assumed.
Session Duration
On Site: 2 days
CPE Credits: 16