CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, 3rd Edition
- Length: 416 pages
- Edition: 3
- Language: English
- Publisher: McGraw Hill
- Publication Date: 2022-02-02
- ISBN-10: 1264258208
- ISBN-13: 9781264258208
- Sales Rank: #338647
Providing 100% coverage of the latest CSSLP exam, this self-study guide offers everything you need to ace the exam.
Get complete coverage of all the material included on the Certified Secure Software Lifecycle Professional exam. CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)2®. You’ll find learning objectives at the beginning of each chapter, exam tips, and practice questions with explanations. Designed to help you pass the exam with ease, this definitive resource also serves as an essential on-the-job reference.
Covers all eight exam domains:
- Secure Software Concepts
- Secure Software Requirements
- Secure Software Architecture and Design
- Secure Software Implementation
- Secure Software Testing
- Secure Software Lifecycle Management
- Secure Software Deployment, Operations, Maintenance
- Secure Software Supply Chain
Online content includes:
- Test engine that provides full-length practice exams or customized quizzes by chapter or exam domain
Table of contents:
- Front matter: Cover; Title Page; Copyright Page; Dedication; About the Authors; Contents at a Glance; Contents; Acknowledgments; Introduction; Exam Objective Map
- Part I Secure Software Concepts
- Chapter 1 Core Concepts: Confidentiality; Implementing Confidentiality; Integrity; Implementing Integrity; Availability; Authentication; Multifactor Authentication; Identity Management; Identity Provider; Identity Attributes; Certificates; Identity Tokens; SSH Keys; Smart Cards; Implementing Authentication; Credential Management; Authorization; Access Control Mechanisms; Accountability (Auditing and Logging); Logging; Syslog; Nonrepudiation; Secure Development Lifecycle; Security vs. Quality; Security Features != Secure Software; Secure Development Lifecycle Components; Software Team Awareness and Education; Gates and Security Requirements; Bug Tracking; Threat Modeling; Fuzzing; Security Reviews; Mitigations; Chapter Review; Quick Tips; Questions; Answers
- Chapter 2 Security Design Principles: System Tenets; Session Management; Exception Management; Configuration Management; Secure Design Tenets; Good Enough Security; Least Privilege; Separation of Duties; Defense in Depth; Fail-Safe; Economy of Mechanism; Complete Mediation; Open Design; Least Common Mechanism; Psychological Acceptability; Weakest Link; Leverage Existing Components; Single Point of Failure; Security Models; Access Control Models; Multilevel Security Model; Integrity Models; Information Flow Models; Adversaries; Adversary Type; Adversary Groups; Threat Landscape Shift; Chapter Review; Quick Tips; Questions; Answers
- Part II Secure Software Requirements
- Chapter 3 Define Software Security Requirements: Functional Requirements; Role and User Definitions; Objects; Activities/Actions; Subject-Object-Activity Matrix; Use Cases; Sequencing and Timing; Secure Coding Standards; Operational and Deployment Requirements; Connecting the Dots; Chapter Review; Quick Tips; Questions; Answers
- Chapter 4 Identify and Analyze Compliance Requirements: Regulations and Compliance; Security Standards; ISO; NIST; FISMA; Sarbanes-Oxley; Gramm-Leach-Bliley; HIPAA and HITECH; Payment Card Industry Data Security Standard; Other Regulations; Legal Issues; Intellectual Property; Data Classification; Data States; Data Usage; Data Risk Impact; Data Lifecycle; Generation; Data Ownership; Data Owner; Data Custodian; Labeling; Sensitivity; Impact; Privacy; Privacy Policy; Personally Identifiable Information; Personal Health Information; Breach Notifications; General Data Protection Regulation; California Consumer Privacy Act 2018 (AB 375); Privacy-Enhancing Technologies; Data Minimization; Data Masking; Tokenization; Anonymization; Pseudo-anonymization; Chapter Review; Quick Tips; Questions; Answers
- Chapter 5 Misuse and Abuse Cases: Misuse/Abuse Cases; Requirements Traceability Matrix; Software Acquisition; Definitions and Terminology; Build vs. Buy Decision; Outsourcing; Contractual Terms and Service Level Agreements; Requirements Flow Down to Suppliers/Providers; Chapter Review; Quick Tips; Questions; Answers
- Part III Secure Software Architecture and Design
- Chapter 6 Secure Software Architecture: Perform Threat Modeling; Threat Model Development; Attack Surface Evaluation; Attack Surface Measurement; Attack Surface Minimization; Threat Intelligence; Threat Hunting; Define the Security Architecture; Security Control Identification and Prioritization; Distributed Computing; Service-Oriented Architecture; Web Services; Rich Internet Applications; Pervasive/Ubiquitous Computing; Embedded; Cloud Architectures; Mobile Applications; Hardware Platform Concerns; Cognitive Computing; Control Systems; Chapter Review; Quick Tips; Questions; Answers
- Chapter 7 Secure Software Design: Performing Secure Interface Design; Logging; Protocol Design Choices; Performing Architectural Risk Assessment; Model (Nonfunctional) Security Properties and Constraints; Model and Classify Data; Types of Data; Structured; Unstructured; Evaluate and Select Reusable Secure Design; Creating a Practical Reuse Plan; Credential Management; Flow Control; Data Loss Prevention; Virtualization; Trusted Computing; Database Security; Programming Language Environment; Operating System Controls and Services; Secure Backup and Restoration Planning; Secure Data Retention, Retrieval, and Destruction; Perform Security Architecture and Design Review; Define Secure Operational Architecture; Use Secure Architecture and Design Principles, Patterns, and Tools; Chapter Review; Quick Tips; Questions; Answers
- Part IV Secure Software Implementation
- Chapter 8 Secure Coding Practices: Declarative vs. Imperative Security; Bootstrapping; Cryptographic Agility; Handling Configuration Parameters; Memory Management; Type-Safe Practice; Locality; Error Handling; Interface Coding; Primary Mitigations; Learning from Past Mistakes; Secure Design Principles; Good Enough Security; Least Privilege; Separation of Duties; Defense in Depth; Fail Safe; Economy of Mechanism; Complete Mediation; Open Design; Least Common Mechanism; Psychological Acceptability; Weakest Link; Leverage Existing Components; Single Point of Failure; Interconnectivity; Session Management; Exception Management; Configuration Management; Cryptographic Failures; Hard-Coded Credentials; Missing Encryption of Sensitive Data; Use of a Broken or Risky Cryptographic Algorithm; Download of Code Without Integrity Check; Use of a One-Way Hash Without a Salt; Input Validation Failures; Buffer Overflow; Canonical Form; Missing Defense Functions; Output Validation Failures; General Programming Failures; Sequencing and Timing; Technology Solutions; Chapter Review; Quick Tips; Questions; Answers
- Chapter 9 Analyze Code for Security Risks: Code Analysis (Static and Dynamic); Static Application Security Testing; Dynamic Application Security Testing; Interactive Application Security Testing; Runtime Application Self-Protection; Code/Peer Review; Code Review Objectives; Additional Sources of Vulnerability Information; CWE/SANS Top 25 Vulnerability Categories; OWASP Vulnerability Categories; Common Vulnerabilities and Countermeasures; Injection Attacks; Chapter Review; Quick Tips; Questions; Answers
- Chapter 10 Implement Security Controls: Security Risks; Implement Security Controls; Applying Security via the Build Environment; Integrated Development Environment; Anti-tampering Techniques; Code Signing; Configuration Management: Source Code and Versioning; Code Obfuscation; Defensive Coding Techniques; Declarative vs. Programmatic Security; Bootstrapping; Cryptographic Agility; Handling Configuration Parameters; Interface Coding; Memory Management; Primary Mitigations; Secure Integration of Components; Secure Reuse of Third-Party Code or Libraries; System-of-Systems Integration; Chapter Review; Quick Tips; Questions; Answers
- Part V Secure Software Testing
- Chapter 11 Security Test Cases: Security Test Cases; Attack Surface Evaluation; Penetration Testing; Common Methods; Fuzzing; Scanning; Simulations; Failure Modes; Cryptographic Validation; Regression Testing; Integration Testing; Continuous Testing; Chapter Review; Quick Tips; Questions; Answers
- Chapter 12 Security Testing Strategy and Plan: Develop a Security Testing Strategy and a Plan; Functional Security Testing; Unit Testing; Nonfunctional Security Testing; Testing Techniques; White-Box Testing; Black-Box Testing; Gray-Box Testing; Testing Environment; Environment Standards; ISO/IEC 25010:2011; SSE-CMM; OSSTMM; Crowd Sourcing; Chapter Review; Quick Tips; Questions; Answers
- Chapter 13 Software Testing and Acceptance: Perform Verification and Validation Testing; Software Qualification Testing; Qualification Testing Hierarchy; Identify Undocumented Functionality; Analyze Security Implications of Test Results; Classify and Track Security Errors; Bug Tracking; Defects; Errors; Bug Bar; Risk Scoring; Secure Test Data; Generate Test Data; Reuse of Production Data; Chapter Review; Quick Tips; Questions; Answers
- Part VI Secure Software Lifecycle Management
- Chapter 14 Secure Configuration and Version Control: Secure Configuration and Version Control; Define Strategy and Roadmap; Manage Security Within a Software Development Methodology; Security in Adaptive Methodologies; Security in Predictive Methodologies; Identify Security Standards and Frameworks; Define and Develop Security Documentation; Develop Security Metrics; Decommission Software; End-of-Life Policies; Data Disposition; Report Security Status; Chapter Review; Quick Tips; Questions; Answers
- Chapter 15 Software Risk Management: Incorporate Integrated Risk Management; Regulations and Compliance; Legal; Standards and Guidelines; Risk Management Terminology; Technical Risk vs. Business Risk; Promote Security Culture in Software Development; Security Champions; Security Education and Guidance; Implement Continuous Improvement; Chapter Review; Quick Tips; Questions; Answers
- Part VII Secure Software Deployment, Operations, Maintenance
- Chapter 16 Secure Software Deployment: Perform Operational Risk Analysis; Deployment Environment; Personnel Training; Safety Criticality; System Integration; Release Software Securely; Secure Continuous Integration and Continuous Delivery Pipeline; Secure Software Tool Chain; Build Artifact Verification; Securely Store and Manage Security Data; Credentials; Secrets; Keys/Certificates; Configurations; Ensure Secure Installation; Bootstrapping; Least Privilege; Environment Hardening; Secure Activation; Security Policy Implementation; Secrets Injection; Perform Post-Deployment Security Testing; Chapter Review; Quick Tips; Questions; Answers
- Chapter 17 Secure Software Operations and Maintenance: Obtain Security Approval to Operate; Perform Information Security Continuous Monitoring; Collect and Analyze Security Observable Data; Threat Intel; Intrusion Detection/Response; Secure Configuration; Regulation Changes; Support Incident Response; Root-Cause Analysis; Incident Triage; Forensics; Perform Patch Management; Perform Vulnerability Management; Runtime Protection; Support Continuity of Operations; Backup, Archiving, Retention; Disaster Recovery; Resiliency; Integrate Service Level Objectives and Service Level Agreements; Chapter Review; Quick Tips; Questions; Answers
- Part VIII Secure Software Supply Chain
- Chapter 18 Software Supply Chain Risk Management: Implement Software Supply Chain Risk Management; Analyze Security of Third-Party Software; Verify Pedigree and Provenance; Secure Transfer; System Sharing/Interconnections; Code Repository Security; Build Environment Security; Cryptographically Hashed, Digitally Signed Components; Right to Audit; Chapter Review; Quick Tips; Questions; Answers
- Chapter 19 Supplier Security Requirements: Ensure Supplier Security Requirements in the Acquisition Process; Supplier Sourcing; Supplier Transitioning; Audit of Security Policy Compliance; Vulnerability/Incident Notification, Response, Coordination, and Reporting; Maintenance and Support Structure; Security Track Record; Support Contractual Requirements; Intellectual Property; Legal Compliance; Chapter Review; Quick Tips; Questions; Answers
- Part IX Appendix and Glossary: Appendix; About the Online Content; System Requirements; Your Total Seminars Training Hub Account; Privacy Notice; Single User License Terms and Conditions; TotalTester Online; Technical Support; Glossary; Index