SKILL BENCHMARK

CSSLP: Secure Software Concepts Competency (Intermediate Level)

16m
16 questions

Explore all Skills Benchmarks

The Secure Software Concepts Competency benchmark will evaluate your knowledge of the secure software concepts of confidentiality, integrity, and availability (CIA), in addition to concepts that support CIA, such as authentication, authorization, accountability, and non-repudiation. You will be evaluated on your skills in ensuring key design principles are incorporated into the software development lifecycle, such as least privilege, separation of duties, defense in depth, fail-safe, complete mediation, least common, psychological acceptability, and single points of failure, as well as key security practices. A learner who scores high on this benchmark demonstrates that they have the skills to describe secure software core concepts and incorporate security practices into the software development lifecycle.

Topics covered

describe complete mediation principles such as cookie management, session management, and caching of credentials
describe different availability concepts such as failover, replication, clustering, scalability, and resiliency
describe fail safe principles such as exception handling, non-verbose errors, and deny by default
describe least privileges principles such as access control, need-to know, and run-time privileges
describe non-repudiation concepts such as PKI and digital signatures
describe open design principles such as peer reviewed algorithm
differentiate between authorization concepts such as access controls and entitlements
differentiate between different defense in depth principles such as layered controls, input validation, and security zones
differentiate between different integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity
eliminate single points of failure
list accountability concepts such as auditing and logging
list psychological acceptability principles such as password complexity and screen layouts
recognize available authentication concepts such as multifactor authentication, identity and access management, single sign-on, and federated identity
recognize confidentiality concepts such as covert, overt, and encryption
recognize least common mechanism principles such as compartmentalization/isolation
recognize separation of duties principles such as multi-party control, secret sharing, and splitting

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

CSSLP: Secure Software Concepts Competency (Intermediate Level)

Topics covered