Leveraging Google Cloud Armor, Security Scanner and the Data Loss Prevention API

by Janani Ravi

This course focuses on the design and implementation of security scanning, protection against Distributed Denial of Service (DDoS) attacks and security auditing. The course also covers the use of the Data Loss Prevention API in protecting sensitive data.

What you'll learn

Recent years have witnessed a steady increase in the number of reported instances of data being compromised, stolen and even sold for ransom.

In this course, Leveraging Google Cloud Armor, Security Scanner and the Data Loss Prevention API, you will gain the ability to mitigate threats of DDoS attacks using Cloud Armor, scan your App Engine and Compute Engine web apps using Security Scanner, enforce audit rules using Forseti and use the Data Loss Prevention API to control access to sensitive data.

First, you will learn how to use Cloud Armor to mitigate the threat of DDoS attacks directed at your HTTP(S) load balanced applications. Cloud Armor will enforce these rules at the edge of the Google network and prevent unwanted requests from permeating into the interior of your VPC network.

Next, you will discover how to use the Security Scanner to identify potential vulnerabilities in your App Engine and Compute Engine web apps. These currently include checks for cross-site scripting, flash injection, mixed content, clear-text passwords, invalid headers and the use of outdated libraries. This list of vulnerabilities is constantly being added to, which means that your Security Scanner reports will change and get richer and better over time. You will also use Forseti, a third-party tool that is used to conduct security audits of IAM policies and compare the actual and desired state of system resources.

Finally, you will explore how to use the Data Loss Prevention API to control access to sensitive data. The DLP API has a long list of country-specific types of sensitive data type - US Social Security Numbers and the tax identifiers of several countries. The API has built-in detectors to return probabilities that a given data item matches a certain type of sensitive data. It is also possible to add custom detectors, and to use powerful techniques for redaction and de-identification of such data.

When you’re finished with this course, you will have the skills and knowledge of various security auditing and protection services to protect against DDoS attacks, as well as identify vulnerabilities in your apps and project settings to help identify and protect sensitive data.

Table of contents

Course Overview

About the author

Janani has a Masters degree from Stanford and worked for 7+ years at Google. She was one of the original engineers on Google Docs and holds 4 patents for its real-time collaborative editing framework. After spending years working in tech in the Bay Area, New York, and Singapore at companies such as Microsoft, Google, and Flipkart, Janani finally decided to combine her love for technology with her passion for teaching. She is now the co-founder of Loonycorn, a content studio focused on providin... more

Ready to upskill? Get started