Secure Software Lifecycle : Expert

  • 31 Courses | 27h 3m 7s
  • 7 Books | 49h 7m
Likes 10 Likes 10
 
Explore the secure software lifecycle, focusing on secure application development.

GETTING STARTED

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts

  • Playable
    1. 
    Course Overview
    2m 6s
    NOW PLAYING
  • Playable
    2. 
    Confidentiality
    3m 19s
    UP NEXT

COURSES INCLUDED

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts
This course examines information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and examine concepts that support the concepts, such as authentication, authorization, accountability, and non-repudiation. Learn the difference between various integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts, such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts, such as auditing and logging, and describe non-repudiation concepts, such as public key infrastructure (PKI) and digital signatures.
9 videos | 28m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, to provide the lowest level of rights and permissions for a user to perform current tasks and separation of duties. This course covers the principles of defense in depth, to include multiple overlapping defenses such as layered controls, input validation, and security zones that work together collectively as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling, and denied by default. Next, learn to design a complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue is psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.
13 videos | 39m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements
This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these requirements start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies are defined by the National Institute of Standards and Technology (NIST), and are broken down to issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 22m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification
This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remain the property of the enterprise or organization, data ownership is used to assign responsibility to the person who defines the requirements related to the data, and will manage the data day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling data adds extra data to describe the data being protected, which refers to metadata. This course focuses on two types of data, structured and unstructured, and the importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos | 23m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy
This course explores various issues related to privacy requirements, and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), which is a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) views data protection by its data protection directive, known as EUDPD. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 23m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs
This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases which is a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases to examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software, and reliable attributes common to all secure software. You will learn that in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering of security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos | 17m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling
This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers attack surface software, an attack anywhere in the system code access by unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos | 24m has Assessment available Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture
Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify characteristics of control identification, or an organization's security controls in an enterprise setting and how to prioritize and enterprise's existing security controls. The course then examines th