Secure Software Lifecycle : Expert

  • 31 Courses | 27h 3m 7s
  • 7 Books | 49h 7m
Likes 11 Likes 11
 
Explore the secure software lifecycle, focusing on secure application development.

GETTING STARTED

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts

  • Playable
    1. 
    Course Overview
    2m 6s
    NOW PLAYING
  • Playable
    2. 
    Confidentiality
    3m 19s
    UP NEXT

COURSES INCLUDED

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts
This course examines information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and examine concepts that support the concepts, such as authentication, authorization, accountability, and non-repudiation. Learn the difference between various integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts, such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts, such as auditing and logging, and describe non-repudiation concepts, such as public key infrastructure (PKI) and digital signatures.
9 videos | 28m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, to provide the lowest level of rights and permissions for a user to perform current tasks and separation of duties. This course covers the principles of defense in depth, to include multiple overlapping defenses such as layered controls, input validation, and security zones that work together collectively as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling, and denied by default. Next, learn to design a complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue is psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.
13 videos | 39m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements
This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these requirements start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies are defined by the National Institute of Standards and Technology (NIST), and are broken down to issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 22m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification
This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remain the property of the enterprise or organization, data ownership is used to assign responsibility to the person who defines the requirements related to the data, and will manage the data day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling data adds extra data to describe the data being protected, which refers to metadata. This course focuses on two types of data, structured and unstructured, and the importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos | 23m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy
This course explores various issues related to privacy requirements, and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), which is a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) views data protection by its data protection directive, known as EUDPD. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 23m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs
This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases which is a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases to examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software, and reliable attributes common to all secure software. You will learn that in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering of security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos | 17m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling
This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers attack surface software, an attack anywhere in the system code access by unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 24m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture
Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify characteristics of control identification, or an organization's security controls in an enterprise setting and how to prioritize and enterprise's existing security controls. The course then examines the elements of distributed computing, a type of parallel computing in which software is divided into multiple tasks. Next, learners will explore service-oriented architecture, which is a collection of services that communicate with each other. You will learn about rich Internet web-based applications and pervasive computing, including the Internet of Things, wireless and sensor networks, embedded security architecture, cloud architectures, mobile app architectures, and hardware platforms. Finally, the course explores how an embedded system is designed to perform a specific operation as part of a larger hardware-based machine or system. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
12 videos | 55m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Architectural Risk & Modeling
This course explores the use of architectural risk assessment to identify flaws in software, and to determine risks. You will learn to use security management interfaces, and how to design and integrate the interfacing security functionality with existing software to meet an enterprise's security objectives. This 9-video course will examine upstream/downstream software development and compatibility, the types of design decisions when encountering interconnectivity with other applications, and any considerations concerning key sharing, single sign-on, token-based security, and delegation of trust. You will learn the two types of channels, message passing and shared memory channels, for communication between two entities. Next, learn how to do a proper architectural risk analysis by using vulnerability analysis, ambiguity analysis, and platform vulnerability analysis. Learners then use an engineering goal-oriented model to evaluate security, and learn how to use an NFR (nonfunctional requirements) framework. Finally, the course examines data classification. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
9 videos | 33m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies
In this 13-video course, learners can explore best practices for securing commonly used architecture and technologies such as virtualization, databases, and the programming language environment. First, learn the three steps involved in authentication and identity management. Next, earn the principles of Credential Management and protecting credentials used for authentication, including passwords, tokens, biometrics, and certificates. Learners will then examine logging or recording a user's actions within a system, and data flow control methods. Next, learn about data loss prevention as an in-depth security strategy that encompasses many different technologies. Learn how virtualization allows for software to be hosted in a virtual environment. Learners will then examine digit rights management (DMR), which restricts access to content that is not local to secure digital content, and protect intellectual property. Finally, the course explores the basis of trusted computing—the hardware, software, and firmware components critical to securing a system which includes discussion of programming language and operating systems. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos | 1h 7m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Design Principles
In this 6-video course, you will discover the basic issues involved in how to perform design security reviews, design secure assembly architecture for component-based systems, and use architecture and design tools that enhance security. First, learn to pay attention to the type of operational environment the software will be running under: is the software intended for public use via the Web, or is it only available within a stable, controlled network? Who will be the end users? Will you need to collaborate and coordinate testing, timing, and integration? Learn security patterns, and consider what security-enhancing architecture is available. Next, learn to distinguish between software appropriate for centralized and decentralized system; identify budgetary constraints, and consider available resources. Will new technologies need to be incorporated into the design at a later date? Your emphasis should be on the future—learning to build a flexible, modular system that can scale up and grow may be imperative. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos | 24m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices
In this 19-video course, learners will explore the intricate world of secure coding practices. Topics covered in detail include declarative versus imperative (programmatic) security—whether the security is part of the application or part of the container. Next, survey defensive coding practices and control such as secure configuration, error handling, and session management. Learners will also explore cryptography, input and output sanitization, error handling, input validation, logging and auditing, and session and exception management. You will learn important information about safe application programming interfaces (APIs), including those that offer different types of functionality, such as Microsoft's Crypto API and Python's pycrypto, which both provide cryptographic functions; popular social media platforms provide their own APIs that programmers can tap into while incorporating aspects of those services. Learn more about useful concepts such as concurrency, type safety, memory management, configuration parameter management, tokenizing, and sandboxing. The course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
19 videos | 1h 20m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities
Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between CWE and Common Vulnerabilities and Exposure (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reuse code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos | 1h 30m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types
This 14-video course explores essential testing types—including penetration testing, scanning, simulation testing, failure testing, and cryptographic validation—and many of the best practices. You will also learn more about other types, such as fuzzing, regression testing, continuous testing, attack surface validation, and unit testing. Learn about certification testing—performed as part of a certification process, when load or stress testing determines how the system operates under heavy loads and what effect load has on the system. You will be introduced to ISECOM's Open Source Security Testing Methodology Manual, a comprehensive methodology related to penetration and security testing, security analysis, and measuring operational security. It includes test cases whose outcomes provide verified facts, amounting to actionable information that can tangibly and measurably improve operational security. Become familiar with how to perform an impact assessment, learn why defects discovered during testing must be addressed, and learn the meaning of Priority and Severity levels derived from the defect report. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
14 videos | 47m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance
In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the System Security Engineering Capability Maturity model and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standards, under which any Department of Defense owned or controlled information system must be certified, irrespective of classification or sensitivity level. Learn about data lifecycle management, a practice that describes the definition and the structure of the necessary steps that should be taken in order to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos | 56m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Software Testing
This 8-video course covers the use of secure software testing best practices, specifically exploring how to perform secure software testing by tracking security errors, developing securing test data, and verification and validation testing results. Learners will first explore undocumented features—an IT-related term developed to describe software bugs or defects—and how to resolve them, including by use of host-based intrusion prevention systems. Next, you will explore security implications of test results. In general, testing should be performed throughout the software development lifecycle by software testers, members of the quality assurance (QA) team responsible for testing and managing software testers. Artifacts—resources which support the development process—are created throughout the lifecycle process, including use cases and the test plan which identifies objectives of the software test. Learn how to perform secure software testing, to track security errors, and verify and validate the results. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
8 videos | 26m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Lifecycle Management
Explore how to use the secure lifecycle management model in this 15-video course. First, learners will hear practical descriptions of secure configurations, inversion control, how to obtain security milestones, and secure software methodology. Then receive an overview of security standards and frameworks, and explore configuration management as it relates to source code version control. Next, the course discusses how to prepare proper security documentation, provides an overview of a security matrix, and describes end-of-life policies. Learners will then watch demonstrations of how to perform data destruction and how to perform credential removal. You will learn about concepts such as security metrics and governance, risk, and compliance (GRC). The course concludes with useful discussions of what acceptance is, including software qualification testing, planning hierarchy, what the characteristics of the pre-release testing process are, and the characteristics of a post-release plan; and how and when to report security status. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
15 videos | 54m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Governance, Risk, and Compliance
This 10-video course explores regulations and compliance considerations as they relate to governance, risk, and compliance (GRC). First, learners will identify legal factors, such as intellectual property and breach notifications, and learn about General Data Protection Regulations (GDPR), for which violations can result in significant financial penalties. Next, learn about standards and guidelines, including those from the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standard, the National Institute for Standards and Technology (NIST), the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code, the Software Assurance Maturity Model, and Building Security In Maturity Model. You will then hear discussions of risk management and risk response. Explore common terminology, including threats, vulnerability, residual risk, controls, probability, and impact. Learn to differentiate between technical risk and business risk. The course concludes by exploring productive strategies, including mitigate, accept, transfer, and avoid. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
10 videos | 40m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Software Deployment & Management
In this 18-video course, learners can explore how to deploy and maintain software and operations. First, you will examine pre-release and post-release activities to address factors such as pre-release testing, completion criteria, risk analysis, incident response, and disaster recovery considerations. Next, examine pre-deployment and post-deployment security testing, security approval, security monitoring, incident response. Examine concepts such as secure activation, environment hardening, and disaster recovery, in which testing is critical to test software and data recoverability, often revealing problems with system availability and data accuracy and integrity. Learn to perform failover testing to ensure that the failover mechanism works as intended, and to consider simulated disasters as a strategy for testing recoverability. You will absorb the basic principles of problem and change management—a process guiding organizations when modifying software or performing upgrades or fixes on software applications—as well as patch and vulnerability management. Next, you will learn more about working with backups, archiving, and retention. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
18 videos | 1h 3m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition
This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for a third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to build environment security; and how to work with digitally-signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos | 1h 2m has Assessment available Badge
Secure Concepts
A fundamental understanding of risk and exposure through the software life cycle is the basis for software security. Explore the core concepts of confidentiality, integrity, authentication, and authorization.
15 videos | 1h 19m has Assessment available Badge
Secure Risk, Vulnerabilities, & Exposure
Modern software design methodologies should implement security as one of the primary objectives. Explore security design principles, such a least privilege, separation of duties, fail safe, and economy of mechanism.
11 videos | 40m has Assessment available Badge
Secure Requirements
Integrating security into the software development process is paramount to secure software development. Explore internal and external security requirements, the role of deployment, sequencing and timing, and operational requirements.
15 videos | 1h 11m has Assessment available Badge
Secure Design
Security practices must be integrated in every aspect of software design. Explore secure software design processes, such as attack surface evaluation, control identification and prioritization, and threat modeling.
16 videos | 1h 27m has Assessment available Badge
Software Design Technologies
Security practices must be integrated in every aspect of software design. Explore best practices for securing architecture and technologies, such as virtualization, databases, and the programming language environment.
12 videos | 1h 1m has Assessment available Badge
Secure Implementation & Coding
Secure coding practices apply to both coding and software component integration. Explore declarative vs. programmatic security, OWASP and CWE, and defensive coding practices, such as configuration, error handling, and session management.
19 videos | 1h 31m has Assessment available Badge
Secure Versioning & Analysis
Secure coding practices apply to both coding and software component integration. Discover essential secure coding techniques, including versioning, peer-based code reviews, code analysis, and anti-tampering techniques.
5 videos | 27m has Assessment available Badge
Secure Testing
Secure software testing provides a basis of risk assessment and possible remediation. Explore methods of quality assurance, including artifact testing, functional and nonfunctional testing, bug tracking, testing types, and test results.
19 videos | 1h 23m has Assessment available Badge
Software Acceptance, Deployment, Operations, & Maintenance
Regardless of the design, vulnerabilities in software are to be expected. Explore pre- and post-release activities, installation and deployment controls, and operations and maintenance best practices for managing vulnerabilities.
17 videos | 1h 19m has Assessment available Badge
Supply Chain & Software Acquisition
Software life cycle activities regularly extend beyond the internal environment. Explore supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities.
14 videos | 1h 11m has Assessment available Badge
Software Acquisition
Software life cycle activities regularly extend beyond the internal environment. Explore software delivery and maintenance best practices, including publishing and dissemination controls, product deployment, and sustainment controls.
9 videos | 42m has Assessment available Badge
SHOW MORE
FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

BOOKS INCLUDED

Book

CSSLP Certification All-in-One Exam Guide, Second Edition
Filled with exam tips, practice questions, and in-depth explanations, this definitive resource covers all eight exam domains developed by the International Information Systems Security Certification Consortium, and is designed to help you pass the exam with ease.
Book Duration 8h 31m Book Authors By Dan Shoemaker, Wm. Arthur Conklin

Book

Secure and Resilient Software: Requirements, Test Cases, and Testing Methods
Offering ground-level, already-developed software requirements and corresponding test cases and methods, this resource-rich book will help to ensure that your software meets its nonfunctional requirements for security and resilience.
Book Duration 2h 52m Book Authors By Lakshmikanth Raghavan, Mark S. Merkow

Book

The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional
Written by experts in computer systems and security, this guide covers vital topics in the area of software security, conveys the key concepts and principles that the CSSLP embodies, and imparts beneficial insight for taking the Certification exam.
Book Duration 11h 21m Book Authors By Alexander J. Fry, Ronald L. Krutz

Book

Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development
Containing nuggets of practical and simple advice on critical issues, this indispensible guide offers a broad understanding of security principles, concerns, and technologies, as well as proven techniques for the efficient development of safe and secure embedded software.
Book Duration 7h 24m Book Authors By David Kleidermacher, Mike Kleidermacher

Book

Architecting Secure Software Systems
Defining a myriad of security vulnerabilities and their resultant threats, this book explains how security should be incorporated into basic software engineering at the requirement analysis phase.
Book Duration 10h 27m Book Authors By Asoke K. Talukder, Manish Chaitanya

Book

The 7 Qualities of Highly Secure Software
Using engaging anecdotes and analogies to illustrate the essential qualities needed, this book provides a framework for designing, developing, and deploying hacker-resilient software.
Book Duration 1h 57m Book Authors By Mano Paul

Book

Core Software Security: Security at the Source
Exploring a holistic process to engage creativity for security - developer-centric software security, this book outlines a step-by-step process for software security that is relevant to today's technical, operational, business, and development environments
Book Duration 6h 35m Book Authors By Anmol Milsra, Brook Schoenfield, James Ransome
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Likes 116 Likes 116  
Likes 114 Likes 114