LinkedIn Learning

CSSLP Cert Prep: 1 Secure Software Concepts

via LinkedIn Learning

Overview

Prepare for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification exam.

Syllabus

Introduction
  • Prepping for the CSSLP
1. Domain 1: Secure Software Concepts
  • Secure software concepts
  • What you should know
  • The goals of application security
2. The CIA Triad
  • Confidentiality
  • Integrity
  • Availability
3. Identity and Access Management
  • Authentication
  • Authorization
  • Accountability
  • Nonrepudiation
  • Governance, risk, and compliance
4. Access Controls
  • Least privilege
  • Separation of duties
  • Economy of mechanism
  • Complete mediation
5. Design Considerations
  • Defense in depth
  • Resiliency
  • Open design
  • Least common mechanism
  • Psychological acceptability
  • Leveraging existing components
  • Eliminate single point of failure
  • Diversity of defense
6. Domain 2: Secure Software Lifecycle Management
  • Secure software lifecycle management
7. Laying Your Foundation
  • Strategy and roadmap
  • Development methodologies
  • Integrated risk management
  • Promote security culture
8. Setting Expectations
  • Security standards and frameworks
  • Security documentation
  • Hardware and software configuration
  • Ongoing configuration management
9. Improving Over Time
  • Decommission software
  • Manage licenses and archives
  • Security metrics
  • Reporting security status
  • Continuous improvement
  • Implement secure operations practices
10. Domain 3: Secure Software Requirements
  • Determining security requirements
11. Security Requirements
  • Functional requirements
  • Nonfunctional requirements
  • Policy decomposition
  • Legal, regulatory, and industry
12. Privacy Requirements
  • Security vs. privacy
  • Data anonymization
  • User consent
  • Disposition
  • Private data storage
13. Data Classification Requirements
  • Data ownership
  • Labeling
  • Types of data
  • Data lifecycle
14. Validating Your Requirements
  • Misuse and abuse cases
  • Software requirement specifications
  • Security requirement traceability matrix
15. Domain 4: Secure Software Architecture and Design
  • Secure software design
16. Threat Modeling
  • What is threat modeling?
  • Understand common threats
  • Attack surface evaluation
17. Security Architecture
  • Secure architecture and design patterns
  • Identifying and prioritizing controls
  • Traditional application architectures
  • Pervasive and ubiquitous computing
  • Rich internet and mobile applications
  • Cloud architectures
  • Embedded system considerations
  • Architectural risk assessments
  • Component-based systems
  • Security enhancing tools
  • Cognitive computing
  • Control systems
18. Security Design
  • Components of a secure environment
  • Designing network and server controls
  • Designing data controls
  • Secure design principles and patterns
  • Secure interface design
  • Security architecture and design review
  • Secure operational architecture
19. Modeling
  • Nonfunctional properties and constraints
  • Data modeling and classification
20. Domain 5: Secure Software Implementation
  • Secure software implementation
21. Secure Coding Practices
  • Declaring variables
  • Inputs and outputs
  • Protecting secrets
  • Data-flow security
  • Deployment and operations
  • Isolation techniques
  • Processor microarchitecture security
22. Finding and Fixing Vulnerabilities
  • Identifying risks
  • The OWASP Top 10: 1-5
  • The OWASP Top 10: 6-10
  • Common Weakness Enumeration (CWE)
  • Addressing risks
23. Component Security
  • Third-party code and libraries
  • Component integration
  • Implementing security controls
  • Security in the build process
24. Domain 6: Secure Software Testing
  • Secure software testing
25. Developing Security Test Cases
  • Understanding your test environment
  • Automation vs. manual testing
  • Ensuring a comprehensive approach
  • Validating cryptography
26. Developing a Testing Strategy
  • Grouping your tests
  • Leveraging external resources
  • Verifying and validating documentation
27. Conducting Security Tests
  • Securing test data
  • Verification and validation testing
  • Identifying undocumented functionality
28. Reviewing the Results
  • Security implications of test results
  • Classifying and tracking security errors
29. Domain 7: Secure Software Deployment, Operations, and Maintenance
  • Secure software deployment, operations, and maintenance
30. Deploying Your Software
  • Performing an operational risk analysis
  • Releasing software securely
  • Storing and managing security data
  • Ensuring secure installation
  • Post-deployment security testing
31. Shifting Into Operations
  • Obtaining security approval to operate
  • Continuous security monitoring
  • Support incident response
  • Support continuity of operations
  • Service level objectives and agreements
32. Maintaining Your Software
  • Patch management
  • Vulnerability management
  • Runtime protection
33. Domain 8: Secure Software Supply Chain
  • Secure software supply chain
34. Supply Chain Risk Management
  • Identifying and selecting components
  • Assessing components' risks
  • Responding to those risks
  • Monitoring changes and vulnerabilities
  • Maintaining third-party components
35. Ensure Software Security
  • Analyzing third-party software security
  • Verifying pedigree and provenance
36. Get It in Writing
  • Security in the acquisition process
  • Contractual requirements
37. Exam Logistics
  • Registering for the exam
  • Exam environment
  • Passing the exam
  • Exam tips
  • Practice tests
  • Experience requirements
  • Continuing education requirements
Conclusion
  • Next steps

Taught by

Jerod Brennen

Reviews

Rated 5 at LinkedIn Learning, based on 3 ratings.
