Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles

CSSLP 2019
  • 13 Videos | 39m 43s
  • Includes Assessment
  • Earns a Badge
Likes 26 Likes 26
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, to provide the lowest level of rights and permissions for a user to perform current tasks and separation of duties. This course covers the principles of defense in depth, to include multiple overlapping defenses such as layered controls, input validation, and security zones that work together collectively as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling, and denied by default. Next, learn to design a complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue is psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.


  • discover the key concepts covered in this course
    describe least privileges principles such as access control, need-to know, and run-time privileges
    recognize separation of duties principles such as multi-party control, secret sharing, and splitting
    differentiate between different defense in depth principles such as layered controls, input validation, and security zones
    describe fail safe principles such as exception handling, non-verbose errors, and deny by default
    recognize economy of mechanism principles such as single sign-on
    describe complete mediation principles such as cookie management, session management, and caching of credentials
  • describe open design principles such as peer reviewed algorithm
    recognize least common mechanism principles such as compartmentalization/isolation
    list psychological acceptability principles such as password complexity and screen layouts
    leverage existing components such as common controls and libraries
    eliminate single points of failure
    summarize the key concepts covered in this course



Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.