CSSLP Cert Prep: 1 Secure Software Concepts

via LinkedIn Learning

Go to class Write review

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

Prepare for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification exam.

Syllabus

Introduction

Prepping for the CSSLP

1. Domain 1: Secure Software Concepts

Secure software concepts
What you should know
The goals of application security

2. The CIA Triad

Confidentiality
Integrity
Availability

3. Identity and Access Management

Authentication
Authorization
Accountability
Nonrepudiation
Governance, risk, and compliance

4. Access Controls

Least privilege
Separation of duties
Economy of mechanism
Complete mediation

5. Design Considerations

Defense in depth
Resiliency
Open design
Least common mechanism
Psychological acceptability
Leveraging existing components
Eliminate single point of failure
Diversity of defense

6. Domain 2: Secure Software Lifecycle Management

Secure software lifecycle management

7. Laying Your Foundation

Strategy and roadmap
Development methodologies
Integrated risk management
Promote security culture

8. Setting Expectations

Security standards and frameworks
Security documentation
Hardware and software configuration
Ongoing configuration management

9. Improving Over Time

Decommission software
Manage licenses and archives
Security metrics
Reporting security status
Continuous improvement
Implement secure operations practices

10. Domain 3: Secure Software Requirements

Determining security requirements

11. Security Requirements

Functional requirements
Nonfunctional requirements
Policy decomposition
Legal, regulatory, and industry

12. Privacy Requirements

Security vs. privacy
Data anonymization
User consent
Disposition
Private data storage

13. Data Classification Requirements

Data ownership
Labeling
Types of data
Data lifecycle

14. Validating Your Requirements

Misuse and abuse cases
Software requirement specifications
Security requirement traceability matrix

15. Domain 4: Secure Software Architecture and Design

Secure software design

16. Threat Modeling

What is threat modeling?
Understand common threats
Attack surface evaluation

17. Security Architecture

Secure architecture and design patterns
Identifying and prioritizing controls
Traditional application architectures
Pervasive and ubiquitous computing
Rich internet and mobile applications
Cloud architectures
Embedded system considerations
Architectural risk assessments
Component-based systems
Security enhancing tools
Cognitive computing
Control systems

18. Security Design

Components of a secure environment
Designing network and server controls
Designing data controls
Secure design principles and patterns
Secure interface design
Security architecture and design review
Secure operational architecture

19. Modeling

Nonfunctional properties and constraints
Data modeling and classification

20. Domain 5: Secure Software Implementation

Secure software implementation

21. Secure Coding Practices

Declaring variables
Inputs and outputs
Protecting secrets
Data-flow security
Deployment and operations
Isolation techniques
Processor microarchitecture security

22. Finding and Fixing Vulnerabilities

Identifying risks
The OWASP Top 10: 1-5
The OWASP Top 10: 6-10
Common Weakness Enumeration (CWE)
Addressing risks

23. Component Security

Third-party code and libraries
Component integration
Implementing security controls
Security in the build process

24. Domain 6: Secure Software Testing

Secure software testing

25. Developing Security Test Cases

Understanding your test environment
Automation vs. manual testing
Ensuring a comprehensive approach
Validating cryptography

26. Developing a Testing Strategy

Grouping your tests
Leveraging external resources
Verifying and validating documentation

27. Conducting Security Tests

Securing test data
Verification and validation testing
Identifying undocumented functionality

28. Reviewing the Results

Security implications of test results
Classifying and tracking security errors

29. Domain 7: Secure Software Deployment, Operations, and Maintenance

Secure software deployment, operations, and maintenance

30. Deploying Your Software

Performing an operational risk analysis
Releasing software securely
Storing and managing security data
Ensuring secure installation
Post-deployment security testing

31. Shifting Into Operations

Obtaining security approval to operate
Continuous security monitoring
Support incident response
Support continuity of operations
Service level objectives and agreements

32. Maintaining Your Software

Patch management
Vulnerability management
Runtime protection

33. Domain 8: Secure Software Supply Chain

Secure software supply chain

34. Supply Chain Risk Management

Identifying and selecting components
Assessing components' risks
Responding to those risks
Monitoring changes and vulnerabilities
Maintaining third-party components

35. Ensure Software Security

Analyzing third-party software security
Verifying pedigree and provenance

36. Get It in Writing

Security in the acquisition process
Contractual requirements

37. Exam Logistics

Registering for the exam
Exam environment
Passing the exam
Exam tips
Practice tests
Experience requirements
Continuing education requirements

Conclusion

Next steps

Taught by

Jerod Brennen

Reviews

5 rating at LinkedIn Learning based on 3 ratings

Start your review of CSSLP Cert Prep: 1 Secure Software Concepts

Go to class

Taught by

ISC2 Certified Secure Software Life-Cycle Professional (CSSLP)

Secure Software Deployment, Operations, and Maintenance for CSSLP®

Exam Tips and Tricks for CSSLP®

Secure Software Testing for CSSLP®

Secure Software Supply Chain for CSSLP®

Secure Software Requirements for CSSLP®

110+ Hours of Free LinkedIn Learning Courses with Free Certification

Never Stop Learning.