Securing Cloud Applications

This Book offer an introduction to application security, covering fundamental concepts such as integrity, authentication, confidentiality, and non-repudiation. They discuss the importance of Transport Layer Security (TLS) for securing network communication and highlight the risks associated with software supply chain attacks, advocating for the use of dependency vulnerability scanners. Key cryptography concepts like hashing (SHA-2, SHA-3) and Message Authentication Codes (HMAC) are explained for ensuring data integrity and authenticity. The texts also introduce symmetric (AES-GCM) and public key cryptography (RSA, ECC) for confidentiality and digital signatures, along with standards like JSON Object Signing and Encryption (JOSE). The material emphasizes the shift to DevSecOps and the collective responsibility for security across IT roles, while also pointing to the complexity and potential pitfalls of using cryptographic libraries and encouraging the use of developer-friendly tools like Google Tink.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cyber_security_summary