CSSLP: Secure Software Architecture and Design Competency (Intermediate Level)

  • 25m
  • 25 questions
The Secure Software Architecture and Design Competency benchmark measures your knowledge of common threats such as APT, insider threats, common malware, and third party/supplier risks, as well as performing attack surface evaluation. You will be evaluated on your skills in recognizing security architecture considerations such as identification and prioritization, distributed/pervasive computing, and applying best practices for securing commonly used architecture and technologies like virtualization, databases, and the programming language environment. A learner who scores high on this benchmark demonstrates that they have the skills to develop a threat model, define security architectures, perform an architectural risk assessment, and secure commonly used architectures and technologies.

Topics covered

  • describe hardware platform concerns
  • describe pervasive computing including IoT, wireless, location-based, RFID, near field communication, and sensor networks
  • describe protocol design choices such as APIs, weaknesses, state, and models
  • describe the process of threat modeling
  • describe upstream and downstream dependencies such as key and data sharing between apps
  • design secure assembly architecture for component-based systems, including client-side data storage and network attached storage
  • distinguish between characteristics of authentication and identity management
  • distinguish between compilers, interpreters, and hybrid source codes
  • distinguish between flow control methods
  • identify benefits of virtualization in secure software design
  • identify characteristics of control identification and prioritization
  • identify common architecture frameworks
  • list embedded security architecture considerations such as control systems and firmware
  • list typical security issues relating to mobile applications
  • model and classify data
  • recognize characteristics of data loss prevention
  • recognize elements of the service-oriented architecture such as enterprise service bus and web services
  • recognize how to minimize the attack surface
  • recognize how to model common threats
  • recognize how to model typical threats, including advanced persistent threats, insider threats, common malware, and third-party/supplier
  • recognize how to perform attack surface evaluation
  • recognize how to perform design security reviews
  • recognize types of rights expression languages in digital rights management
  • use secure design principles and patterns
  • use security enhancing architecture and design tools