CSSLP Cert Prep: 1 Secure Software Concepts
1h 41mIntermediate2021-02-26
Authors

Jerod Brennen
Security Architect, Advisor, Speaker, Teacher
Course details
The Certified Secure Software Lifecycle Professional (CSSLP) is a globally recognized certification from (ISC)², the organization that has certified well over 100,000 information security professionals. As a CSSLP holder, you can demonstrate to current or future employers that you understand how security can be embedded in the software development lifecycle (SDLC). This course, the first installment in the CSSLP Cert Prep series, prepares you to tackle the first domain in the CSSLP exam: Secure Software Concepts. Instructor Jerod Brennen discusses how application security fits within the broader context of information security. He also digs into core concepts, including availability and authorization; economy of mechanism, with a particular focus on single sign-on (SSO); and design considerations, such as resiliency and open design.
Topics include:
- The core principles of confidentiality and availability
- The basics of accountability, including auditing and logging
- Least privilege
- Fail safes, including exception handling
- Leveraging existing components
- Eliminating single points of failure
Topics include:
- The core principles of confidentiality and availability
- The basics of accountability, including auditing and logging
- Least privilege
- Fail safes, including exception handling
- Leveraging existing components
- Eliminating single points of failure
Skills covered
Software Development SecurityCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Building secure software
- 02 - What you should know
- 03 - The goals of application security
1. The CIA Triad
- 04 - Confidentiality
- 05 - Integrity
- 06 - Availability
2. Identity and Access Management
- 07 - Authentication
- 08 - Authorization
- 09 - Accountability
- 10 - Nonrepudiation
3. Access Controls
- 11 - Least privilege
- 12 - Separation of duties
- 13 - Economy of mechanism
- 14 - Complete mediation
4. Design Considerations
- 15 - Defense in depth
- 16 - Resiliency
- 17 - Open design
- 18 - Least common mechanism
- 19 - Psychological acceptability
- 20 - Leveraging existing components
- 21 - Eliminate single point of failure
- 22 - Diversity of defense
Conclusion
- 23 - Next steps
Related courses
- ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep
- CSSLP Cert Prep: 4 Secure Software Implementation
- CSSLP Cert Prep: 2 Secure Software Requirements
- CSSLP Cert Prep: 3 Secure Software Design
- CSSLP Cert Prep: 5 Secure Software Testing
- CSSLP Cert Prep: 6 Secure Lifecycle Management
- CSSLP Cert Prep: 7 Software Deployment, Operations, and Maintenance
- CSSLP Cert Prep: 8 Supply Chain and Software Acquisition