CSSLP: Secure Software Architecture and Design Competency (Intermediate Level)

Topics covered

• describe hardware platform concerns
• describe pervasive computing including IoT, wireless, location-based, RFID, near field communication, and sensor networks
• describe protocol design choices such as APIs, weaknesses, state, and models
• describe the process of threat modeling
• describe upstream and downstream dependencies such as key and data sharing between apps
• design secure assembly architecture for component-based systems, including client-side data storage and network attached storage
• distinguish between characteristics of authentication and identity management
• distinguish between compilers, interpreters, and hybrid source codes
• distinguish between flow control methods
• identify benefits of virtualization in secure software design
• identify characteristics of control identification and prioritization
• identify common architecture frameworks
• list embedded security architecture considerations such as control systems and firmware
• list typical security issues relating to mobile applications
• model and classify data
• recognize characteristics of data loss prevention
• recognize elements of the service-oriented architecture such as enterprise service bus and web services
• recognize how to minimize the attack surface
• recognize how to model common threats
• recognize how to model typical threats, including advanced persistent threats, insider threats, common malware, and third-party/supplier
• recognize how to perform attack surface evaluation
• recognize how to perform design security reviews
• recognize types of rights expression languages in digital rights management
• use secure design principles and patterns
• use security enhancing architecture and design tools