SKILL BENCHMARK

CSSLP: Secure Software Implementation Competency

  • 23m
  • 23 questions
The Secure Software Implementation Competency benchmark measures your knowledge of the differences between declarative and programmatic security, in addition to defensive coding practices and applying secure coding controls such as configuration, error handling, and session management. You will be evaluated on your skills in using essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques, as well as analyzing code for security vulnerabilities, identifying malicious code, and securely reusing third-party code and integrating components. A learner who scores high on this benchmark demonstrates that they have the skills necessary to recognize and apply secure coding practices and assess security vulnerabilities.

Topics covered

  • analyze reused code for security vulnerabilities
  • describe social engineering attacks such as phishing
  • differentiate between common weakness enumerations and common vulnerabilities and exposure
  • differentiate between static and dynamic analysis
  • distinguish between safe and unsafe API coding practices
  • distinguish between static and dynamic code analysis
  • identify build environment best practices such as anti-tampering techniques and compiler switches
  • locate and list the OWASP "Top 10"
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize characteristics of declarative security
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of programmatic security
  • recognize characteristics of sandboxing as a defensive coding practice
  • recognize cryptography elements such as storage, agility, encryption, and algorithm selection
  • recognize examples of tokenizing as a defensive coding practice
  • recognize examples of using configuration as a defensive coding practice
  • recognize examples of using input and output sanitization as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize how to securely integrate components such as systems of systems integration
  • search for and identify malicious code
  • securely reuse third party code or libraries