CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
4h 2mAdvanced2020-11-20
Authors

Mike Chapple
Teaching Professor at the University of Notre Dame
Course details
A solid understanding of software and systems security—from the software development lifecycle to penetration testing—is essential for aspiring cybersecurity analysts, as well as for those looking to earn the CompTIA Cybersecurity Analyst (CySA+) certification. In this installment of the CySA+ (CS0-002) Cert Prep series, instructor Mike Chapple dives into key software and system security practices as he prepares you for the Software and Systems Security domain of the CySA+ (CS0-002) exam. Mike provides coverage of secure software development practices, virtualization, networking, cloud computing, and more. Upon wrapping up this course—along with CySA+ (CS0-002) Cert Prep: 3 Identity and Access Management—you'll be prepared to confidently answer questions in the Software and Systems Security domain of the CySA+ exam.
Skills covered
Software Development SecurityCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Software and systems security
- 02 - What you should know
- 03 - Study resources
1. Software Development Life Cycle
- 04 - Software platforms
- 05 - Development methodologies
- 06 - Maturity models
- 07 - Change management
- 08 - DevOps and DevSecOps
2. Software Assessment and Testing
- 09 - Code review
- 10 - Software testing
- 11 - Code tests
- 12 - Fuzz testing
- 13 - Interface testing
- 14 - Misuse case testing
- 15 - Test coverage analysis
3. Secure Coding Best Practices
- 16 - Input validation
- 17 - Parameterized queries
- 18 - Authentication and session management issues
- 19 - Data protection
- 20 - Output encoding
- 21 - Error and exception handling
- 22 - Code repositories
- 23 - Code signing
4. Service Oriented Architecture
- 24 - SOAP and REST
- 25 - SOA and microservices
5. Secure Systems Design
- 26 - Operating system types
- 27 - Data encryption
- 28 - Hardware and firmware security
- 29 - Peripheral security
- 30 - Physical asset management
6. Encryption and Certificate Management
- 31 - Understanding encryption
- 32 - Symmetric and asymmetric cryptography
- 33 - Goals of cryptography
- 34 - Choosing encryption algorithms
- 35 - Key exchange
- 36 - Diffie-Hellman
- 37 - Trust models
- 38 - PKI and digital certificates
- 39 - Hash functions
- 40 - Digital signatures
- 41 - Creating a digital certificate
- 42 - Revoking a digital certificate
7. Penetration Testing
- 43 - Planning a penetration test
- 44 - Designing penetration tests
- 45 - Exploitation frameworks
- 46 - Interception proxies
- 47 - Penetration test reporting
- 48 - Training and exercises
8. Reverse Engineering
- 49 - Reverse engineering software
- 50 - Reverse engineering hardware
9. Virtualization
- 51 - Virtualization
- 52 - Desktop and application virtualization
- 53 - Containerization
10. Networking
- 54 - Security zones
- 55 - VLANs
- 56 - Isolating sensitive systems
- 57 - Virtual private networks (VPNs)
- 58 - Software-defined networking
11. Cloud Computing
- 59 - What is the cloud
- 60 - Cloud computing roles
- 61 - Cloud compute resources
- 62 - Cloud storage
- 63 - Cloud networking
- 64 - Cloud databases
- 65 - Cloud orchestration
- 66 - Cloud auditing tools
12. Extending Defenses
- 67 - Deception technologies
Conclusion
- 68 - Next steps
Related courses
- CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management
- CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
- CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment
- CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
- CompTIA CySA+ (CS0-002) Cert Prep: 3 Identity and Access Management
- CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring
- Exam Tips: CompTIA CySA+ (CS0-002)
- CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003): 4 Reporting and Communication
Related learn paths
- Prepare for the CompTIA Cybersecurity Analyst + (CySA+) (CS0-002) Certification Exam
- Prepare for the CompTIA Cybersecurity Analyst (CySA+) (CS0-003) Certification
- Prepare for the CompTIA Data+ (DA0-001) Exam
- Prepare for the CompTIA IT Fundamentals+ (ITF+) (FC0-U61) Exam
- Prepare for the CompTIA Cloud+ (CV0-002) Exam
- Prepare for the CompTIA A+ (220-1001 and 220-1002) Exams
- Prepare for the CompTIA Network+ (N10-007) Exam
- Prepare for the CompTIA Security+ (SY0-601) Certification Exam