4: Cloud Application Security

4.1 Recognize the need for Training and Awareness in Application Security
»» Cloud Development Basics (e.g., RESTful)
»» Common Pitfalls
»» Common Vulnerabilities (e.g., OWASP Top 10)
4.2 Understand Cloud Software Assurance and Validation
»» Cloud-based Functional Testing
»» Cloud Secure Development Lifecycle
»» Security Testing (e.g., SAST, DAST, Pen Testing)
4.3 Use Verified Secure Software
»» Approved API
»» Supply-Chain Management
»» Community Knowledge
4.4 Comprehend the Software Development Life-Cycle (SDLC) Process
»» Phases & Methodologies
»» Business Requirements
»» Software Configuration Management & Versioning
4.5 Apply the Secure Software Development Life-Cycle
»» Common Vulnerabilities (e.g., SQL Injection, XSS, XSRF, Direct Object Reference, Buffer Overflow)
»» Cloud-Specific Risks
»» Quality of Service
»» Threat Modeling
4.6 Comprehend the Specifics of Cloud Application Architecture
»» Supplemental Security Devices (e.g., WAF, DAM, XML firewalls, API gateway)
»» Cryptography (e.g., TLS, SSL, IPsec)
»» Sandboxing
»» Application Virtualization
4.7 Design Appropriate Identity and Access Management (IAM) Solutions
»» Federated Identity
»» Identity Providers
»» Single Sign-On
»» Multi-factor Authentication