diff --git a/1-5-security.md b/1-5-security.md
new file mode 100644
index 0000000..7f7faf8
--- /dev/null
+++ b/1-5-security.md
@@ -0,0 +1,239 @@
+# Security
+
+## Definitions (not important)
+
+### Computer security
+
+- CIA triangle
+
+### Cloud secirity
+
+- large scale, and complex
+
+### Other areas
+
+- OS
+ - Updates
+ - Unix access control (protect paths)
+- VM
+ - insecure VM
+ - tampered VM
+- Application layer
+
+## Security attacks
+
+### Types of attacks in cloud computing
+
+- Eavesdropping
+- Direct access
+- Cross site attack
+- Denial of service
+- Upgrader attack
+- Intrusion
+
+### Common examples
+
+- Distributed Denial of Service attack: prevent legitimate cloud users from
+ accessing cloud services
+- SQL Injection
+- Cross site scripting
+- Hijacking of account or services
+
+## Enforcing Security
+
+### Types of mitigations
+
+- Preventive: Before attack
+- Detective: When attacked
+- Corrective: After attacked
+
+### Mitigations
+
+#### Subscriber level
+
+- Access Control list: Deny unauthorized access
+- Secure by design
+- Firewalls: Web Application Firewall
+
+#### Service level
+
+- CSP (Cloud Service Handler) securely handle sensitive data and its Liabilities
+- Rules on governing the ownership of data
+- Geographical regions, where data will be stored
+
+## Implementing Cloud security and trust policies
+
+### Fancy words
+
+- Audit trails: monitor the users
+ - Trace changes, by using software like AIDE(File changes) and AWS
+ CloudTrail(User and API activity)
+ - Logs
+- Physical security: HW, SW, db should not be physically accessible to
+ unauthorized persons
+- Application security: Cloud service should be secure
+- Identity management: use ACL and SSO to control identity
+- Privacy, confidentiality and security: legal obligation
+- Data integrity
+- Data confidentiality
+
+### Servlet security
+
+#### Definition
+
+- Address the following(CIA)
+ - Confidentiality
+ - Integrity
+ - Authentication and authorization
+
+#### Realm
+
+- Definition: complete file and path, that stores authentication information in
+ servlet
+- Usually stored in `conf`, named `tomcat-users.xml`
+- Example:
+ ```xml
+
+
+
+
+
+
+
+
+ ```
+
+#### Authentication
+
+- Using password protection in apache servlet:
+- example `login-config`:
+ ```xml
+
+ BASIC
+
+ ```
+- possible values:
+ - BASIC: plaintext is used and sent, base64 encoded, least secure
+ - DIGEST: more secure, still not encrypted
+ - CLIENT-CERT: secure, use public key infrastructures(PKI), and encrypted
+ - FORM: customized authentication based on vendor, opt in encryption
+- The first three use standard browser pop up for authentication
+- FORM need to be implemented manually
+
+#### Confidentiality and Integrity
+
+- Using deployment descriptor, which protects data in transit:
+- example `deployment descriptor`:
+ ```xml
+
+ CONFIDENTIAL>/transport-
+ guarantee>
+
+ ```
+- Possible values:
+ - NON: default, plain text, insecure
+ - INTEGRAL: Can't be changed
+ - CONFIDENTIAL: won't be seen by anyone on the net
+- The last two use SSL(Secure Socket Layer) to implement it
+
+## AWS Security
+
+### Stupid fancy words:
+
+- AWS Day One Best Practice
+- AWS security and compliance programs
+- AWS Shared Responsibility Model
+- AWS Identity and Access Management (IAM)
+- AWS Trusted Advisor
+- AWS CloudTrail
+- AWS Config
+- AWS Shield
+- AWS WAF (Web Application Firewall)
+- Constant patching, updates (browsers, antiviruses, etc) and monitoring
+
+### Responsibility
+
+- AWS: Security of the cloud
+- Customers: Security in the cloud
+
+### IAM: Identity and Access Management
+
+- Definition: web service that helps you securely control access to AWS
+ resources
+- Use it to control who can sign in(authentication) and is authorized to use
+ stuff
+- AWS account root user:
+ - When user first sign in to AWS, they have full control over every service
+ - Best practice:
+ - Use it to create IAM user
+ - Lock away the root user credentials
+ - Use root only to perform few account and service management services
+
+### IAM MFA
+
+- Definition: Multi factor authentication
+- Adds extra security
+- Forms:
+ - SMS based: send a 6 digit code to user's phone, and user is required to
+ type the code
+
+#### Security and trust
+
+- Legal bindings
+ - SLA
+ - Data sharing, and location
+- Hypervisor: created by 3rd party
+- Middleware: Security features
+- relation:
+ - Security is the key to mutual trust
+
+### Trust
+
+#### Conditions for trust
+
+- Risk: because there would be loss, which is important
+- Interdependence: The client and provider rely on each other
+
+#### Phases
+
+- Build phase
+- Stability phase
+- Dissolution phase
+
+## Cryptography
+
+### Pub-key cryptography
+
+- use key pairs, a private key and a public key, asymmetric encryption
+- private key is kept safely
+
+### Envelope encryption
+
+- Multi layer encryption
+- encrypting plaintext data with data key, then encrypting data key under
+ another key
+- Can have multiple layers of encryption
+- AWS KMS (Key management service) uses this to encrypt user data
+ - Use KMS to encrypt the key for other encryption, and store the encrypted
+ key
+
+### AWS Security services
+
+#### Encrypting stuff
+
+- KMS: Key management, use HSM(Hardware Security Modules), and integrated to
+ CloudTrail to track key usage
+- Cloud HSM: Cloud Hardware Security Module
+ - To generate, manage and use your own encryption keys.
+ - Standard compiant: Can be integrated to JCE, and CryptoNG libraries
+
+#### Managing SSL/TLS certificates
+
+- Certificate manager: deploy, manage and renew SSL/TLS certificates, for AWS
+ services or your own
+ - Simplify the process of managing the certificates, which is used for web
+ traffic
+
+#### DDoS attacks
+
+- AWS Shield to mitigate against it
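Review bot: the three fenced `xml` examples in the "Servlet security" section carry no usable markup and should be restored before merge. The "Realm" example is eight blank lines, the `login-config` example contains only "BASIC", and the deployment descriptor example reads "CONFIDENTIAL>/transport-" followed by "guarantee>", which suggests the angle-bracketed elements were stripped and the closing tag was wrapped mid-name. Re-add the full elements (the `tomcat-users.xml` entries, the `login-config` wrapper around the auth method, and the `transport-guarantee` element inside its constraint) and keep the closing tag on one line. In the same section, the list of possible transport guarantee values gives "NON"; the servlet deployment descriptor value is NONE. The "Definition" bullet labels its list "(CIA)" but gives the third item as "Authentication and authorization", so either drop the acronym there or say how it relates to the "CIA triangle" named at the top. Smaller points: "Cloud secirity" and "Standard compiant" are typos, and "CSP (Cloud Service Handler)" looks like it was meant to be Cloud Service Provider. The "#### Security and trust" heading sits under "### IAM MFA" although its bullets are not about MFA; promoting it to the same level as "### Trust" would fix the outline.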