Certified Secure Software Lifecycle Professional (CSSLP) 2019
Certification Exam:
- 6 Courses | 5h 29m 26s
- 3 Books | 28h 37m
- 20 Courses | 13h 8m 12s
- 2 Books | 16h 14m
- 9 Courses | 15h 1m 50s
Prepare for the CSSLP certification by acquiring the knowledge to create and maintain secure software throughout its life cycle.
GETTING STARTED
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts
2 videos | 2m 6s, 3m 19s
COURSES INCLUDED
Secure Risk, Vulnerabilities, & Exposure
Modern software design methodologies should treat security as one of the primary objectives. Explore security design principles such as least privilege, separation of duties, fail safe, and economy of mechanism.
11 videos |
35m
Assessment
Badge
Secure Requirements
Integrating security into the software development process is paramount to secure software development. Explore internal and external security requirements, the role of deployment, sequencing and timing, and operational requirements.
15 videos |
1h 4m
Assessment
Badge
Software Design Technologies
Security practices must be integrated in every aspect of software design. Explore best practices for securing architecture and technologies, such as virtualization, databases, and the programming language environment.
12 videos |
55m
Assessment
Badge
Software Acceptance, Deployment, Operations, & Maintenance
Regardless of the design, vulnerabilities in software are to be expected. Explore pre- and post-release activities, installation and deployment controls, and operations and maintenance best practices for managing vulnerabilities.
17 videos |
1h 11m
Assessment
Badge
Supply Chain & Software Acquisition
Software life cycle activities regularly extend beyond the internal environment. Explore supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities.
14 videos |
1h 4m
Assessment
Badge
Software Acquisition
Software life cycle activities regularly extend beyond the internal environment. Explore software delivery and maintenance best practices, including publishing and dissemination controls, product deployment, and sustainment controls.
9 videos |
38m
Assessment
Badge
COURSES INCLUDED
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts
This course examines the information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and the supporting concepts of authentication, authorization, accountability, and non-repudiation. Learn the difference between integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts such as auditing and logging, and describes non-repudiation concepts such as public key infrastructure (PKI) and digital signatures.
9 videos |
24m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles
This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, granting a user only the rights and permissions needed to perform the current task, and separation of duties. This course covers the principle of defense in depth: multiple overlapping defenses such as layered controls, input validation, and security zones that work together as a series of defenses. You will learn the fail-safe principles, including exception handling and deny by default. Next, learn to design complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue, psychological acceptability, including password complexity and screen layouts, to ensure the design is acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.
13 videos |
34m
Assessment
Badge
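As an added example (not part of the course), the following Python wires several of the principles above into one small reference monitor: an explicit allow-list so that anything not granted is denied (fail-safe default), a check that runs on every request (complete mediation), roles that carry only the entitlements their task needs (least privilege), and a rule that the creator of a payment can never approve it (separation of duties). The roles, actions and policy table are constructed for the demonstration.

```python
# Added example, not part of the course: a tiny reference monitor wiring
# together deny-by-default, complete mediation, least privilege and
# separation of duties.  Roles, actions and the policy table are constructed.
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class Principal:
    name: str
    roles: FrozenSet[str]


# Explicit allow-list of (role, action).  Nothing else is ever granted,
# and each role carries only the entitlements its task needs.
POLICY = {
    ("clerk", "payment:create"),
    ("approver", "payment:approve"),
    ("auditor", "ledger:read"),
}


@dataclass
class ReferenceMonitor:
    audit: List[Tuple[str, str, str]] = field(default_factory=list)

    def check(self, who: Principal, action: str) -> None:
        # Complete mediation: called on every request, never cached.
        allowed = any((role, action) in POLICY for role in who.roles)
        self.audit.append((who.name, action, "ALLOW" if allowed else "DENY"))
        if not allowed:  # fail-safe: absence of a rule means denial
            raise AccessDenied(f"{who.name} may not {action}")


@dataclass
class Payment:
    amount: int
    created_by: str
    approved_by: Optional[str] = None


class PaymentService:
    def __init__(self) -> None:
        self.monitor = ReferenceMonitor()

    def create(self, who: Principal, amount: int) -> Payment:
        self.monitor.check(who, "payment:create")
        return Payment(amount=amount, created_by=who.name)

    def approve(self, who: Principal, payment: Payment) -> Payment:
        self.monitor.check(who, "payment:approve")
        # Separation of duties: even a principal holding both roles cannot
        # approve a payment they created (two-person control).
        if payment.created_by == who.name:
            self.monitor.audit.append((who.name, "payment:approve", "DENY-SOD"))
            raise AccessDenied(f"{who.name} cannot approve their own payment")
        payment.approved_by = who.name
        return payment


def demo() -> dict:
    """Run the scenarios and return the outcome of each one."""
    svc = PaymentService()
    alice = Principal("alice", frozenset({"clerk"}))
    bob = Principal("bob", frozenset({"approver"}))
    carol = Principal("carol", frozenset({"clerk", "approver"}))
    dan = Principal("dan", frozenset({"auditor"}))
    results = {}

    def attempt(label, fn):
        try:
            fn()
            results[label] = "allowed"
        except AccessDenied as exc:
            results[label] = f"denied: {exc}"

    p1 = svc.create(alice, 100)
    attempt("bob approves alice's payment", lambda: svc.approve(bob, p1))
    attempt("dan (auditor) creates payment", lambda: svc.create(dan, 1))
    p2 = svc.create(carol, 50)
    attempt("carol approves her own payment", lambda: svc.approve(carol, p2))
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The audit list doubles as the accountability record: every decision, including the separation-of-duties denial, is logged with the principal and action, which is what makes the denials reviewable later.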
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements
This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these requirements start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies are defined by the National Institute of Standards and Technology (NIST), and are broken down to issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
20m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification
This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remains the property of the enterprise or organization, data ownership assigns responsibility to the person who defines the requirements related to the data and manages its day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling adds extra data describing the data being protected (metadata). This course focuses on two types of data, structured and unstructured, and their importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
21m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy
This course explores various issues related to privacy requirements, and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) viewed data protection under its Data Protection Directive (EUDPD), since replaced by the GDPR. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
20m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs
This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases, a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases to examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software, and the reliability attributes common to all secure software. You will learn that in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
15m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling
This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective, which sets the foundation for the threat model. You will examine the six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers the software attack surface, the set of points at which system code can be reached by an unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
7 videos |
22m
Assessment
Badge
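As an added example (not part of the course), the Python below enumerates STRIDE threats over a small data-flow model in the way the description sketches: each external entity, process, data store and data flow gets the categories that apply to its kind, and flows that cross a trust boundary are pulled to the front of the review. The letter-to-element mapping follows Microsoft's STRIDE-per-element chart; the system modelled (an anonymous browser user, a web tier, an API tier and a database) and its zone names are constructed for the illustration.

```python
# Added example, not part of the course: STRIDE-per-element over a small,
# constructed data-flow model.  The mapping of STRIDE letters to element
# kinds follows Microsoft's STRIDE-per-element chart; the system modelled
# (anonymous user, web tier, API tier, database) is made up for illustration.
from dataclasses import dataclass
from typing import List

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which threat categories apply to which kind of element.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "log_store": "TRID",   # a store holding audit logs also carries repudiation
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    zone: str  # trust zone; a flow between two zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    crosses_boundary: bool


def enumerate_threats(elements: List[Element], flows: List[Flow]) -> List[Threat]:
    threats = []
    for e in elements:
        threats += [Threat(e.name, STRIDE[c], False) for c in APPLICABLE[e.kind]]
    for f in flows:
        crossing = f.src.zone != f.dst.zone
        threats += [Threat(f.name, STRIDE[c], crossing) for c in APPLICABLE["data_flow"]]
    return threats


def boundary_first(threats: List[Threat]) -> List[Threat]:
    """Review order: threats on flows that cross a trust boundary come first,
    since that is where incoming data must be treated as hostile."""
    return sorted(threats, key=lambda t: (not t.crosses_boundary, t.target, t.category))


# Constructed model
USER = Element("browser user", "external_entity", "internet")
WEB = Element("web front end", "process", "dmz")
API = Element("order API", "process", "internal")
DB = Element("orders DB", "data_store", "internal")
ELEMENTS = [USER, WEB, API, DB]
FLOWS = [
    Flow("HTTPS request", USER, WEB),
    Flow("internal RPC", WEB, API),
    Flow("SQL", API, DB),
]

if __name__ == "__main__":
    for t in boundary_first(enumerate_threats(ELEMENTS, FLOWS)):
        flag = "[boundary]" if t.crosses_boundary else ""
        print(f"{t.target:15} {t.category:24} {flag}")
```

The output is only the candidate list; each entry still needs a mitigation or an explicit accepted-risk decision, which is the part of the five-stage process that the enumeration cannot automate.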
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture
Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify an organization's security controls in an enterprise setting and how to prioritize an enterprise's existing security controls. The course then examines the elements of distributed computing, in which software is divided into multiple tasks that run on separate, cooperating systems. Next, learners will explore service-oriented architecture, a collection of services that communicate with each other. You will learn about rich Internet web-based applications and pervasive computing, including the Internet of Things, wireless and sensor networks, embedded security architecture, cloud architectures, mobile app architectures, and hardware platforms. Finally, the course explores how an embedded system is designed to perform a specific operation as part of a larger hardware-based machine or system. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
12 videos |
50m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Architectural Risk & Modeling
This course explores the use of architectural risk assessment to identify flaws in software, and to determine risks. You will learn to use security management interfaces, and how to design and integrate the interfacing security functionality with existing software to meet an enterprise's security objectives. This 9-video course will examine upstream/downstream software development and compatibility, the types of design decisions when encountering interconnectivity with other applications, and any considerations concerning key sharing, single sign-on, token-based security, and delegation of trust. You will learn the two types of channels, message passing and shared memory channels, for communication between two entities. Next, learn how to do a proper architectural risk analysis by using vulnerability analysis, ambiguity analysis, and platform vulnerability analysis. Learners then use an engineering goal-oriented model to evaluate security, and learn how to use an NFR (nonfunctional requirements) framework. Finally, the course examines data classification. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
9 videos |
30m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies
In this 13-video course, learners can explore best practices for securing commonly used architecture and technologies such as virtualization, databases, and the programming language environment. First, learn the three steps involved in authentication and identity management. Next, learn the principles of credential management and protecting the credentials used for authentication, including passwords, tokens, biometrics, and certificates. Learners will then examine logging, the recording of a user's actions within a system, and data flow control methods. Next, learn about data loss prevention as an in-depth security strategy that encompasses many different technologies. Learn how virtualization allows software to be hosted in a virtual environment. Learners will then examine digital rights management (DRM), which restricts access to content that is not local, to secure digital content and protect intellectual property. Finally, the course explores the basis of trusted computing, the hardware, software, and firmware components critical to securing a system, including discussion of programming languages and operating systems. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos |
1h 1m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Design Principles
In this 6-video course, you will discover the basic issues involved in performing design security reviews, designing a secure assembly architecture for component-based systems, and using architecture and design tools that enhance security. First, learn to pay attention to the type of operational environment the software will run in: is the software intended for public use via the Web, or is it only available within a stable, controlled network? Who will be the end users? Will you need to collaborate and coordinate testing, timing, and integration? Learn security patterns, and consider what security-enhancing architecture is available. Next, learn to distinguish between software appropriate for centralized and decentralized systems; identify budgetary constraints, and consider available resources. Will new technologies need to be incorporated into the design at a later date? Your emphasis should be on the future: learning to build a flexible, modular system that can scale up and grow may be imperative. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
6 videos |
22m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices
In this 19-video course, learners will explore the intricate world of secure coding practices. Topics covered in detail include declarative versus imperative (programmatic) security, that is, whether the security is part of the application or part of the container. Next, survey defensive coding practices and controls such as secure configuration, error handling, and session management. Learners will also explore cryptography, input and output sanitization, error handling, input validation, logging and auditing, and session and exception management. You will learn important information about safe application programming interfaces (APIs), including those that offer different types of functionality, such as Microsoft's Crypto API and Python's pycrypto, which both provide cryptographic functions; popular social media platforms provide their own APIs that programmers can tap into while incorporating aspects of those services. Learn more about useful concepts such as concurrency, type safety, memory management, configuration parameter management, tokenizing, and sandboxing. The course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
19 videos |
1h 11m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities
Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between the CWE and Common Vulnerabilities and Exposures (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reused code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos |
1h 21m
Assessment
Badge
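As an added example (not part of the course), two of the input-validation failures named above are shown in Python with the vulnerable version beside its fix: an injection attack, where a query is built by string concatenation, next to the parameterized query; and a canonical-form failure, where a string check on a requested path misses what the path resolves to, next to a check done after canonicalization. The in-memory SQLite table, the payloads and the base directory are constructed for the demonstration.

```python
# Added example, not part of the course: two of the input-validation failures
# named above, each shown as the vulnerable version beside the fix.  The
# SQLite table and the file-system base path are constructed for the demo.
import os
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Untrusted input concatenated into the statement: the attacker's quote
    # character ends the literal and the rest of the input becomes SQL.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Parameterised query: the value is bound separately and can only ever
    # be compared as data, whatever characters it contains.
    return con.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def resolve_vulnerable(base: str, requested: str) -> str:
    # Check on the raw string misses the canonical form: "css/../../../etc/passwd"
    # passes both tests but resolves outside base.
    if requested.startswith("/") or requested.startswith(".."):
        raise ValueError("rejected")
    return os.path.join(base, requested)


def resolve_safe(base: str, requested: str) -> str:
    # Canonicalise first, then compare against the canonical base.
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"{requested!r} escapes {base}")
    return target


if __name__ == "__main__":
    con = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(con, payload))   # every row
    print("safe:      ", lookup_safe(con, payload))         # no rows
    print(resolve_safe("/srv/app/static", "css/site.css"))
```

The same pattern, decode or canonicalize and only then validate, applies to URL-encoded, Unicode-normalized and mixed-case input; a check that runs before canonicalization is reasoning about a string the rest of the system will never see.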
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types
This 14-video course explores essential testing types, including penetration testing, scanning, simulation testing, failure testing, and cryptographic validation, and many of the associated best practices. You will also learn about other types, such as fuzzing, regression testing, continuous testing, attack surface validation, and unit testing. Learn about certification testing, performed as part of a certification process, and about load or stress testing, which determines how the system operates under heavy loads and what effect load has on the system. You will be introduced to ISECOM's Open Source Security Testing Methodology Manual, a comprehensive methodology for penetration and security testing, security analysis, and measuring operational security. It includes test cases whose outcomes provide verified facts, amounting to actionable information that can tangibly and measurably improve operational security. Become familiar with how to perform an impact assessment, learn why defects discovered during testing must be addressed, and learn the meaning of the Priority and Severity levels derived from the defect report. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
14 videos |
41m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance
In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the System Security Engineering Capability Maturity Model (SSE-CMM) and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standards, under which any Department of Defense owned or controlled information system had to be certified, irrespective of classification or sensitivity level (DIACAP has since been replaced by the DoD Risk Management Framework). Learn about data lifecycle management, a practice that defines and structures the steps needed to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
13 videos |
50m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Software Testing
This 8-video course covers secure software testing best practices, specifically how to perform secure software testing by tracking security errors, developing secure test data, and verifying and validating test results. Learners will first explore undocumented features, an IT-related term used to describe software bugs or defects, and how to resolve them, including by use of host-based intrusion prevention systems. Next, you will explore the security implications of test results. In general, testing should be performed throughout the software development lifecycle by software testers and by members of the quality assurance (QA) team responsible for testing and managing software testers. Artifacts, resources which support the development process, are created throughout the lifecycle, including use cases and the test plan, which identifies the objectives of the software test. Learn how to perform secure software testing, track security errors, and verify and validate the results. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
8 videos |
23m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Lifecycle Management
Explore how to use the secure lifecycle management model in this 15-video course. First, learners will hear practical descriptions of secure configuration, version control, how to reach security milestones, and secure software methodology. Then receive an overview of security standards and frameworks, and explore configuration management as it relates to source code version control. Next, the course discusses how to prepare proper security documentation, provides an overview of a security matrix, and describes end-of-life policies. Learners will then watch demonstrations of how to perform data destruction and credential removal. You will learn about concepts such as security metrics and governance, risk, and compliance (GRC). The course concludes with useful discussions of what acceptance is, including software qualification testing, planning hierarchy, the characteristics of the pre-release testing process and of a post-release plan, and how and when to report security status. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
15 videos |
48m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Governance, Risk, and Compliance
This 10-video course explores regulations and compliance considerations as they relate to governance, risk, and compliance (GRC). First, learners will identify legal factors, such as intellectual property and breach notifications, and learn about the General Data Protection Regulation (GDPR), for which violations can result in significant financial penalties. Next, learn about standards and guidelines, including those from the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standard, the National Institute of Standards and Technology (NIST), the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code, the Software Assurance Maturity Model, and the Building Security In Maturity Model. You will then hear discussions of risk management and risk response. Explore common terminology, including threats, vulnerability, residual risk, controls, probability, and impact. Learn to differentiate between technical risk and business risk. The course concludes by exploring the response strategies of mitigate, accept, transfer, and avoid. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
10 videos |
36m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Software Deployment & Management
In this 18-video course, learners can explore how to deploy and maintain software and operations. First, you will examine pre-release and post-release activities to address factors such as pre-release testing, completion criteria, risk analysis, incident response, and disaster recovery considerations. Next, examine pre-deployment and post-deployment security testing, security approval, security monitoring, and incident response. Examine concepts such as secure activation, environment hardening, and disaster recovery, where testing of software and data recoverability is critical and often reveals problems with system availability and data accuracy and integrity. Learn to perform failover testing to ensure that the failover mechanism works as intended, and to consider simulated disasters as a strategy for testing recoverability. You will absorb the basic principles of problem and change management, the process guiding organizations when modifying software or performing upgrades or fixes on software applications, as well as patch and vulnerability management. Next, you will learn more about working with backups, archiving, and retention. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
18 videos |
55m
Assessment
Badge
Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition
This 20-video course examines a variety of best practices for supply chain and software acquisition. Begin by watching demonstrations of how to analyze the security of third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems, how to implement code repository security, build environment security, and how to work with digitally signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
20 videos |
53m
Assessment
Badge
COURSES INCLUDED
CSSLP 2024: Secure Software Concepts
Understanding secure software concepts is crucial for the CSSLP exam as it ensures professionals can design, implement, and manage secure software systems. In this course, you will explore the fundamental principles of confidentiality, integrity, and availability. Then, you will discover the core concepts of authentication, authorization, and accountability, learning how to verify identities, control access, and ensure actions are traceable. Next, you will investigate various threats to confidentiality, including social engineering and malware, as well as common misconfigurations and software vulnerabilities, emphasizing the importance of secure coding practices and regular security assessments to mitigate these risks. You will examine techniques to enhance confidentiality through encryption and access controls, ensuring data protection both at rest and in transit. Finally, you will focus on advanced authentication methods such as multi-factor authentication (MFA), certificate-based authentication, and single sign-on (SSO) and you will learn about federated identity protocols, which provide secure and seamless access across multiple systems and organizations. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
9 videos |
1h 19m
Assessment
Badge
CSSLP 2024: Security Design Principles
Security design principles are crucial for the CSSLP exam as they enable professionals to create resilient software systems, protect sensitive data, mitigate risks, and ensure compliance with industry standards, ultimately enhancing overall cybersecurity and professional credibility. In this course, you will explore security controls for integrity and the use of digital signatures to verify the origin and integrity of data. Next, you will learn about security controls for availability, including redundancy, replication, clustering, scalability, and resiliency to help ensure that systems remain operational and accessible even in the face of failures or high demand. Then you will also examine the concepts of privacy and nonrepudiation, as well as essential security design principles, such as least privilege, separation of duties, and Defense in Depth. Finally, you will investigate economy of mechanism, complete mediation, the principles of open design, and Kerckhoffs's principle, emphasizing simplicity, thoroughness, and transparency in security designs. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
10 videos |
1h 16m
Assessment
Badge
CSSLP 2024: Secure Software Lifecycle Management
Security design principles enable professionals to create resilient software systems, protect sensitive data, and ensure compliance with industry standards, enhancing overall cybersecurity and professional credibility. In this course, you will explore the differences between predictive and adaptive software development life cycle (SDLC) approaches. You will contrast the Agile methodology with the Waterfall approach and secure implementations of Agile methodologies, such as Secure Scrum and the Microsoft Security Development Lifecycle (SDL) for Agile. Then you will trace the evolution of DevOps from Agile and examine how DevSecOps embeds security practices into the workflow, ensuring shared responsibility for security. Next, you will discover DevSecOps security practices, including automated security testing and continuous monitoring. Finally, you will analyze the importance of inventory management, secure configuration management, and security standard adoption. The course will also cover the Center for Internet Security (CIS) benchmarks for actionable security guidelines, the Security Technical Implementation Guide (STIG) for U.S. Department of Defense compliance, and the Security Content Automation Protocol (SCAP) for automating security assessments and policy enforcement. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
11 videos |
1h 32m
Assessment
Badge
CSSLP 2024: Processes & Benchmarks for Secure Lifecycle Management
Processes and benchmarks for secure lifecycle management ensure consistent security, mitigate risks, comply with standards, and enhance trust in software systems throughout their development and operation. In this course, you will discover the secure software strategy and roadmap, focusing on key attributes such as milestones, checkpoints, and build/break criteria. Then you will contrast various security maturity models and examine the elements of a system security plan (SSP). Next, you will explore the attributes of good metrics for secure software and the importance of effective metrics in lifecycle management. You will use average remediation time (ART) with criticality levels to prioritize security efforts and investigate metrics of code complexity and the impact of different code elements. You will focus on end of life (EOL) policies, data archival during decommissioning, NIST standards for storage media disposal, and key considerations for modifying or terminating service-level agreements (SLAs). Finally, you will delve into security reporting mechanisms within a tiered risk management framework, comprehensive risk management strategies, continuous monitoring, breach notifications, change management, and incident response planning. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
15 videos |
2h 4m
Assessment
Badge
CSSLP 2024: Secure Software Requirements
The Secure Software Requirements CSSLP domain spans a wide range of topics, from privacy regulations to the construction of the Security Requirements Traceability Matrix (SRTM). In this course, you'll learn to distinguish between functional and non-functional security requirements, gather security requirements across business, application, and infrastructure layers, define user requirements, and create effective user stories using the INVEST attributes. Next, explore key compliance requirements and relevant regulations, including GDPR, CCPA, HIPAA, and Sarbanes-Oxley, analyze security requirements from NIST and ISO/IEC publications, and discover how these standards help organizations maintain strong security postures. You'll learn about the principles of data governance and data classification, including how to categorize data with labels like Confidential, Internal, and Public. Finally, you'll explore the data lifecycle, covering the stages of data creation, storage, usage, retention, and disposal, with a focus on secure practices. You will also study key confidentiality models like Bell-LaPadula and Brewer-Nash, as well as integrity models like Biba and Clark-Wilson. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
12 videos |
1h 32m
Assessment
Badge
CSSLP 2024: Privacy, PII, & Cross-border Data Transfers Security Requirements
Regulations and standards are an important source of secure software requirements, and they place special emphasis on safeguarding personally identifiable information (PII) and protecting user privacy. In this course, learn about the security requirements and privacy safeguards embedded in major regulations like PIPEDA, CCPA, GDPR, HIPAA, COPPA, and the OECD guidelines, and how these frameworks enforce stringent controls over personal data. You will also study the complexities of cross-border data transfers by comparing frameworks like Privacy Shield and the APEC Privacy Framework. Explore data access provisioning and how to categorize diverse types of data objects. Finally, discover the distinctions between misuse and abuse scenarios in security requirements and how these scenarios impact organizations. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
11 videos |
1h 22m
Assessment
Badge
CSSLP 2024: Secure Software Architectures & Frameworks
The Secure Software Architecture and Design CSSLP domain focuses on the ability to apply security practices to each phase of the software development life cycle, spanning topics from high-level models like SABSA and the Zachman Framework to cloud computing, VMs, hypervisors, containers, and industrial IoT systems. In this course, you'll learn how to organize and categorize security architectures, including the Sherwood Applied Business Security Architecture (SABSA). Explore various types of distributed computing architectures, the client-server architecture, and peer-to-peer (P2P) networks along with their security challenges. From there, you'll dive into service-oriented architectures (SOAs), analyze the security benefits of microservices and containers, examine Rich Internet Applications (RIAs), and cover how to prevent Remote Code Execution (RCE) attacks. After that, you'll study the implications of different types of connectivity, location-based services, RFID, NFC, and sensor and mesh networks. You'll finish with a focus on Embedded Systems and learn the significance of Secure Boot and Secure Memory, Secure Update Mechanisms, and Field-programmable Gate Arrays (FPGAs). This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
16 videos |
2h 6m
Badge
CSSLP 2024: Security in Cloud Computing Architectures
Cloud Computing has become so popular and important that it merits special treatment in the context of Domain 4 of CSSLP - instead of focusing entirely on the security aspects of a technology, we will introduce cloud computing and understand the context around its popularity. In this course, you will learn to contrast cloud computing with on-premises computing, focusing on the flexibility and cost-effectiveness of cloud solutions versus the control provided by on-prem deployments. Explore private cloud deployments, followed by an analysis of public, hybrid, and multi-cloud deployment models. Examine different cloud storage options and compare them with traditional storage area networks (SANs) and network attached storage (NAS). Next, you will gain an understanding of cloud service models, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Explore the shared security responsibilities between cloud providers and customers through the shared responsibility model and analyze the specific security roles within IaaS and PaaS environments. After that, you will focus on security in mobile applications, implicit data collection, and the associated privacy implications. Finally, you will explore hardware platform security, side-channel attacks, return-oriented programming attacks, speculative CPU execution, and secure elements. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
15 videos |
2h
Assessment
Badge
CSSLP 2024: Security in Firmware & Industrial IoT
Vast sectors like manufacturing, energy, the automotive industry, and medical devices are now powered by the Industrial Internet of Things, or IIoT. This course gives you the tools to manage the unique security considerations of these technologies. First, learn about the security of firmware and hardware device drivers, exploring vulnerabilities and studying famous attacks such as Stuxnet. Then, examine cognitive computing, AR/VR, IIoT, and specific attacks by Triton malware targeting IIoT systems. Next, explore Facilities IIoT and Automotive IIoT, focusing on infrastructure and vehicular systems security. Study famous security breaches, like the 2015 Jeep Cherokee hack, and then move on to robotics and medical devices IIoT. Learn about software-defined production considerations, including digital twins, sensor/actuator networks, and dynamic configuration management. After that, focus on security management interfaces, learning about their key components, such as SIEM and EDR systems. Then, explore the role of Out-of-Band (OOB) Management and log interfaces. Finally, examine application dependencies, assess the impact of protocol design choices, and evaluate factors in API protocol design, particularly the choice between stateless and stateful protocols. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
13 videos |
1h 45m
Badge
CSSLP 2024: Digital Certificates, Firewalls, Hypervisors, & Containers
Critical aspects of the internet are powered by a few keystone protocols and technologies including digital certificates, firewalls, virtual machine hypervisors, and containers. In this course, you will learn about the X.509 standard for digital certificates, which are used to secure communications across various applications such as web browsers, email, VPNs, single sign-on (SSO), and code signing. Explore flow control techniques and the role of proxy servers in managing data flow and load balancing, as well as the critical function of firewalls in network security. Discover data loss prevention (DLP) strategies and the role of queuing in flow control. Next, learn about Infrastructure as Code (IaC), virtualization, virtual machines (VMs), bare metal servers, and Type 1 (bare metal) and Type 2 (hosted) hypervisors. Finally, you'll be introduced to containers, container security considerations, and trusted computing techniques like secure and measured boot, remote attestation, sealed storage, and memory curtaining. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
14 videos |
1h 47m
Assessment
Badge
CSSLP 2024: Databases & Programming Language Environments
Python, Java, and .NET all have elaborate security features built into their runtimes, and so do database and data warehouse technologies we use every day. In this course, you'll learn the fundamentals of database security, including the role of encryption and how triggers can automate threat responses. Explore the uses of views in controlling data access and examine secure programming language environments. Analyze security features in the .NET CLR and the JRE, focusing on ASLR, DEP, type checking, and memory security. Then, contrast these with Python and PowerShell and learn about critical security controls in OS kernels, modes of execution, and virtual memory management. Next, discover threat modeling, STRIDE, spoofing, tampering, and the PASTA approach. Learn about attack trees, secure architectural design patterns, security design verification methods, as well as simulations and boundary value analysis. Finally, you'll define non-functional security requirements and discuss CI/CD Pipelines in secure deployment. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
15 videos |
2h 8m
Assessment
Badge
EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE COURSES
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
BOOKS INCLUDED
Book
CSSLP Certification All-in-One Exam Guide, Second Edition
Filled with exam tips, practice questions, and in-depth explanations, this definitive resource covers all eight exam domains developed by the International Information Systems Security Certification Consortium, and is designed to help you pass the exam with ease.
8h 31m
By Dan Shoemaker, Wm. Arthur Conklin
Book
The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional
Written by experts in computer systems and security, this guide covers vital topics in the area of software security, conveys the key concepts and principles that the CSSLP embodies, and imparts beneficial insight for taking the Certification exam.
11h 21m
By Alexander J. Fry, Ronald L. Krutz
Book
CSSLP® Certification All-in-One Exam Guide
Filled with exam tips, practice questions, and in-depth explanations, this definitive resource covers all eight exam domains developed by the International Information Systems Security Certification Consortium, and is designed to help you pass the exam with ease.
8h 45m
By Dan Shoemaker, Wm. Arthur Conklin
BOOKS INCLUDED
Book
CSSLP Certification All-in-One Exam Guide, Second Edition
Filled with exam tips, practice questions, and in-depth explanations, this definitive resource covers all eight exam domains developed by the International Information Systems Security Certification Consortium, and is designed to help you pass the exam with ease.
8h 31m
By Dan Shoemaker, Wm. Arthur Conklin
Book
CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition
CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)²®.
7h 43m
By Daniel Shoemaker, Wm. Arthur Conklin
SKILL BENCHMARKS INCLUDED
CSSLP: Secure Software Concepts Competency (Intermediate Level)
The Secure Software Concepts Competency benchmark will evaluate your knowledge of the secure software concepts of confidentiality, integrity, and availability (CIA), in addition to concepts that support CIA, such as authentication, authorization, accountability, and non-repudiation. You will be evaluated on your skills in ensuring key design principles are incorporated into the software development lifecycle, such as least privilege, separation of duties, defense in depth, fail-safe, complete mediation, least common, psychological acceptability, and single points of failure, as well as key security practices. A learner who scores high on this benchmark demonstrates that they have the skills to describe secure software core concepts and incorporate security practices into the software development lifecycle.
16m
| 16 questions
CSSLP: Secure Software Architecture and Design Competency (Intermediate Level)
The Secure Software Architecture and Design Competency benchmark measures your knowledge of common threats such as APT, insider threats, common malware, and third party/supplier risks, as well as performing attack surface evaluation. You will be evaluated on your skills in recognizing security architecture considerations such as identification and prioritization, distributed/pervasive computing, and applying best practices for securing commonly used architecture and technologies like virtualization, databases, and the programming language environment. A learner who scores high on this benchmark demonstrates that they have the skills to develop a threat model, define security architectures, perform an architectural risk assessment, and secure commonly used architectures and technologies.
25m
| 25 questions
CSSLP: Secure Software Requirements Competency (Intermediate Level)
The Secure Software Requirements Competency benchmark measures your ability to define software security requirements and identify and analyze compliance requirements, data classification requirements, and privacy requirements. You will be evaluated on your skills in developing misuse and abuse cases, using the Security Requirements Traceability Matrix (SRTM), and ensuring security requirements flow down to the suppliers/providers. A learner who scores high on this benchmark demonstrates that they have the skills to recognize secure software requirements such as abuse cases, software specifications, and traceability matrices.
18m
| 18 questions
CSSLP: Secure Software Lifecycle Management Competency (Intermediate Level)
The Secure Software Lifecycle Management Competency benchmark measures your knowledge of secure lifecycle management, including version control, security standards, frameworks, and security metrics, in addition to governance, risk, and compliance (GRC). You will be evaluated on your skills in deploying and maintaining software and operations. A learner who scores high on this benchmark demonstrates that they have the skills necessary to use the secure lifecycle management model and perform software pre- and post-release activities.
24m
| 24 questions
CSSLP: Secure Software Implementation Competency (Intermediate Level)
The Secure Software Implementation Competency benchmark measures your knowledge of the differences between declarative and programmatic security, in addition to defensive coding practices and applying secure coding controls such as configuration, error handling, and session management. You will be evaluated on your skills in using essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques, as well as analyzing code for security vulnerabilities, identifying malicious code, and securely reusing third-party code and integrating components. A learner who scores high on this benchmark demonstrates that they have the skills necessary to recognize and apply secure coding practices and assess security vulnerabilities.
23m
| 23 questions
CSSLP: Secure Software Testing Competency (Intermediate Level)
The Secure Software Testing Competency benchmark assesses your knowledge of essential testing types, as well as how to apply best practices for security testing and quality assurance, bug tracking, and the ISO 9126, SSE-CMM, OSSTMM, and DIACAP standards. You will be evaluated on your skills in performing secure software testing by tracking security errors, securing test data, and verifying and validating testing results. A learner who scores high on this benchmark demonstrates that they have the skills necessary to recognize and apply testing concepts and use secure software testing best practices.
25m
| 25 questions
CSSLP: Secure Software Supply Chain Competency (Intermediate Level)
The Secure Software Supply Chain Competency benchmark measures your knowledge of pedigree and provenance verification and acquisition process support delivery. You will be evaluated on your skills in applying compliance auditing, vulnerability response and reporting, supplier sourcing challenges, best practices for various controls, SLAs, support structures, and product deployment and configuration management. A learner who scores high on this benchmark demonstrates that they have the skills necessary to incorporate best practices for supply chain and software acquisitions.
15m
| 15 questions