Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles
CSSLP 2019
| Intermediate
- 13 videos | 34m 13s
- Includes Assessment
- Earns a Badge
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, to provide the lowest level of rights and permissions for a user to perform current tasks and separation of duties. This course covers the principles of defense in depth, to include multiple overlapping defenses such as layered controls, input validation, and security zones that work together collectively as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling, and denied by default. Next, learn to design a complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue is psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.
WHAT YOU WILL LEARN
-
discover the key concepts covered in this course
describe least privileges principles such as access control, need-to know, and run-time privileges
recognize separation of duties principles such as multi-party control, secret sharing, and splitting
differentiate between different defense in depth principles such as layered controls, input validation, and security zones
describe fail safe principles such as exception handling, non-verbose errors, and deny by default
recognize economy of mechanism principles such as single sign-on
describe complete mediation principles such as cookie management, session management, and caching of credentials -
describe open design principles such as peer reviewed algorithm
recognize least common mechanism principles such as compartmentalization/isolation
list psychological acceptability principles such as password complexity and screen layouts
leverage existing components such as common controls and libraries
eliminate single points of failure
summarize the key concepts covered in this course
IN THIS COURSE
-
1. Course Overview1m 59s
-
2. Least Privilege3m 4s
-
3. Separation of Duties2m 55s
-
4. Defense in Depth3m 4s
-
5. Fail Safe3m 17s
-
6. Economy of Mechanism3m 55s
-
7. Complete Mediation2m 25s
-
8. Open Design1m 59s
-
9. Least Common Mechanism2m 6s
-
10. Psychological Acceptability3m 1s
-
11. Leveraging Existing Components2m 26s
-
12. Eliminate Single Points of Failure2m 4s
-
13. Course Summary1m 58s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
