ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

سرفصل های دوره

The Certified Secure Software Lifecycle Professional (CSSLP) certification is designed for software development and security professionals, including software architects, developers, project managers, security managers, quality assurance testers, and anyone responsible for ensuring the security of software applications throughout the development lifecycle. This comprehensive course with instructor Jerod Brennen helps you prepare to tackle the official CSSLP exam. Explore the core concepts and fundamental skills required for each of the eight domains of the exam: Secure Software Concepts; Secure Software Lifecycle Management; Secure Software Requirements; Secure Software Architecture and Design; Secure Software Implementation; Secure Software Testing; Software Deployment, Operations, and Maintenance; and Secure Software Supply Chain.

01 - Introduction

01 - Prepping for the CSSLP

02 - 1. Domain 1 Secure Software Concepts

01 - Secure software concepts

02 - What you should know

03 - The goals of application security

03 - 2. The CIA Triad

01 - Confidentiality

02 - Integrity

03 - Availability

04 - 3. Identity and Access Management

01 - Authentication

02 - Authorization

03 - Accountability

04 - Nonrepudiation

05 - Governance, risk, and compliance

05 - 4. Access Controls

01 - Least privilege

02 - Separation of duties

03 - Economy of mechanism

04 - Complete mediation

06 - 5. Design Considerations

01 - Defense in depth

02 - Resiliency

03 - Open design

04 - Least common mechanism

05 - Psychological acceptability

06 - Leveraging existing components

07 - Eliminate single point of failure

08 - Diversity of defense

07 - 6. Domain 2 Secure Software Lifecycle Management

01 - Secure software lifecycle management

08 - 7. Laying Your Foundation

01 - Strategy and roadmap

02 - Development methodologies

03 - Integrated risk management

04 - Promote security culture

09 - 8. Setting Expectations

01 - Security standards and frameworks

02 - Security documentation

03 - Hardware and software configuration

04 - Ongoing configuration management

10 - 9. Improving Over Time

01 - Decommission software

02 - Manage licenses and archives

03 - Security metrics

04 - Reporting security status

05 - Continuous improvement

06 - Implement secure operations practices

11 - 10. Domain 3 Secure Software Requirements

01 - Determining security requirements

12 - 11. Security Requirements

01 - Functional requirements

02 - Nonfunctional requirements

03 - Policy decomposition

04 - Legal, regulatory, and industry

13 - 12. Privacy Requirements

01 - Security vs. privacy

02 - Data anonymization

03 - User consent

04 - Disposition

05 - Private data storage

14 - 13. Data Classification Requirements

01 - Data ownership

02 - Labeling

03 - Types of data

04 - Data lifecycle

15 - 14. Validating Your Requirements

01 - Misuse and abuse cases

02 - Software requirement specifications

03 - Security requirement traceability matrix

16 - 15. Domain 4 Secure Software Architecture and Design

01 - Secure software design

17 - 16. Threat Modeling

01 - What is threat modeling

02 - Understand common threats

03 - Attack surface evaluation

18 - 17. Security Architecture

01 - Secure architecture and design patterns

02 - Identifying and prioritizing controls

03 - Traditional application architectures

04 - Pervasive and ubiquitous computing

05 - Rich internet and mobile applications

06 - Cloud architectures

07 - Embedded system considerations

08 - Architectural risk assessments

09 - Component-based systems

10 - Security enhancing tools

11 - Cognitive computing

12 - Control systems

19 - 18. Security Design

01 - Components of a secure environment

02 - Designing network and server controls

03 - Designing data controls

04 - Secure design principles and patterns

05 - Secure interface design

06 - Security architecture and design review

07 - Secure operational architecture

20 - 19. Modeling

01 - Nonfunctional properties and constraints

02 - Data modeling and classification

21 - 20. Domain 5 Secure Software Implementation

01 - Secure software implementation

22 - 21. Secure Coding Practices

01 - Declaring variables

02 - Inputs and outputs

03 - Protecting secrets

04 - Data-flow security

05 - Deployment and operations

06 - Isolation techniques

07 - Processor microarchitecture security

23 - 22. Finding and Fixing Vulnerabilities

01 - Identifying risks

02 - The OWASP Top 10 1-5

03 - The OWASP Top 10 6-10

04 - Common Weakness Enumeration (CWE)

05 - Addressing risks

24 - 23. Component Security

01 - Third-party code and libraries

02 - Component integration

03 - Implementing security controls

04 - Security in the build process

25 - 24. Domain 6 Secure Software Testing

01 - Secure software testing

26 - 25. Developing Security Test Cases

01 - Understanding your test environment

02 - Automation vs. manual testing

03 - Ensuring a comprehensive approach

04 - Validating cryptography

27 - 26. Developing a Testing Strategy

01 - Grouping your tests

02 - Leveraging external resources

03 - Verifying and validating documentation

28 - 27. Conducting Security Tests

01 - Securing test data

02 - Verification and validation testing

03 - Identifying undocumented functionality

29 - 28. Reviewing the Results

01 - Security implications of test results

02 - Classifying and tracking security errors

30 - 29. Domain 7 Secure Software Deployment, Operations, and Maintenance

01 - Secure software deployment, operations, and maintenance

31 - 30. Deploying Your Software

01 - Performing an operational risk analysis

02 - Releasing software securely

03 - Storing and managing security data

04 - Ensuring secure installation

05 - Post-deployment security testing

32 - 31. Shifting Into Operations

01 - Obtaining security approval to operate

02 - Continuous security monitoring

03 - Support incident response

04 - Support continuity of operations

05 - Service level objectives and agreements

33 - 32. Maintaining Your Software

01 - Patch management

02 - Vulnerability management

03 - Runtime protection

34 - 33. Domain 8 Secure Software Supply Chain

01 - Secure software supply chain

35 - 34. Supply Chain Risk Management

01 - Identifying and selecting components

02 - Assessing components risks

03 - Responding to those risks

04 - Monitoring changes and vulnerabilities

05 - Maintaining third-party components

36 - 35. Ensure Software Security

01 - Analyzing third-party software security

02 - Verifying pedigree and provenance

37 - 36. Get It in Writing

01 - Security in the acquisition process

02 - Contractual requirements

38 - 37. Exam Logistics

01 - Registering for the exam

02 - Exam environment

03 - Passing the exam

04 - Exam tips

05 - Practice tests

06 - Experience requirements

07 - Continuing education requirements

39 - Conclusion

01 - Next steps

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)