Certified Secure Software Lifecycle Professional (CSSLP)
Certified Secure Software Lifecycle Professional (CSSLP) 2019

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs

Course Number:
it_spcsslp19_06_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • describe how use cases model the intended behavior of the software or system
  • describe when to use misuse/abuse cases
  • list the benefits of RTM for software development
  • list software requirement specifications such as confidentiality, integrity, availability, authentication, authorization, and accountability
  • summarize the key concepts covered in this course

Overview/Description

This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases, a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases, which examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software and the reliable attributes common to all secure software. You will learn that, in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Architectural Risk Assessment, Secure Interface Design, & Modeling

Course Number:
it_spcsslp19_09_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize how to model typical threats, including advanced persistent threats, insider threats, common malware, and third-party/supplier
  • describe secure interface design for security management interfaces, out-of-band management, and log interfaces
  • describe upstream and downstream dependencies such as key and data sharing between apps
  • describe protocol design choices such as APIs, weaknesses, state, and models
  • identify common architecture frameworks
  • model non-functional security properties and constraints
  • model and classify data
  • summarize the key concepts covered in this course

Overview/Description

This course explores the use of architectural risk assessment to identify flaws in software and to determine risks. You will learn to use security management interfaces, and how to design and integrate interfacing security functionality with existing software to meet an enterprise's security objectives. This 9-video course will examine upstream/downstream software development and compatibility, the types of design decisions required when interconnecting with other applications, and considerations concerning key sharing, single sign-on, token-based security, and delegation of trust. You will learn the two types of channels, message passing and shared memory channels, for communication between two entities. Next, learn how to do a proper architectural risk analysis by using vulnerability analysis, ambiguity analysis, and platform vulnerability analysis. Learners then use a goal-oriented engineering model to evaluate security, and learn how to use an NFR (nonfunctional requirements) framework. Finally, the course examines data classification. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts

Course Number:
it_spcsslp19_01_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize confidentiality concepts such as covert, overt, and encryption
  • differentiate between different integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity
  • describe different availability concepts such as failover, replication, clustering, scalability, and resiliency
  • recognize available authentication concepts such as multifactor authentication, identity and access management, single sign-on, and federated identity
  • differentiate between authorization concepts such as access controls and entitlements
  • list accountability concepts such as auditing and logging
  • describe non-repudiation concepts such as PKI and digital signatures
  • summarize the key concepts covered in this course

Overview/Description

This course examines information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and the supporting concepts of authentication, authorization, accountability, and non-repudiation. Learn the difference between various integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts, such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts, such as auditing and logging, and describes non-repudiation concepts, such as public key infrastructure (PKI) and digital signatures.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification

Course Number:
it_spcsslp19_04_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • differentiate between data owner and data custodian
  • differentiate between labeling requirements such as sensitivity and impact
  • list types of data including structured and unstructured data
  • describe data lifecycle requirements such as generation, retention, and disposal
  • summarize the key concepts covered in this course

Overview/Description

This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remain the property of the enterprise or organization, data ownership is used to assign responsibility to the person who defines the requirements related to the data and manages its day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling data adds extra data describing the data being protected, known as metadata. This course focuses on two types of data, structured and unstructured, and their importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Governance, Risk, & Compliance

Course Number:
it_spcsslp19_18_enus
Lesson Objectives

  • identify the objectives of the course
  • recognize regulations and compliance considerations as they relate to the governance, risk, and compliance
  • identify legal factors such as intellectual property and breach notification
  • list standards and guidelines including ISO, PCI, NIST, OWASP, SAFECode, OpenSAMM, BSIMM
  • describe risk management
  • describe risk response
  • describe common terminology including threats, vulnerability, residual risk, controls, probability, and impact
  • differentiate between technical risk and business risk
  • describe strategies including mitigate, accept, transfer, and avoid
  • summarize the key concepts covered in this course

Overview/Description

This 10-video course explores regulations and compliance considerations as they relate to governance, risk, and compliance (GRC). First, learners will identify legal factors, such as intellectual property and breach notifications, and learn about the General Data Protection Regulation (GDPR), violations of which can result in significant financial penalties. Next, learn about standards and guidelines, including those from the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standard (PCI DSS), the National Institute of Standards and Technology (NIST), the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code (SAFECode), the Software Assurance Maturity Model (OpenSAMM), and the Building Security In Maturity Model (BSIMM). You will then hear discussions of risk management and risk response. Explore common terminology, including threats, vulnerability, residual risk, controls, probability, and impact. Learn to differentiate between technical risk and business risk. The course concludes by exploring risk response strategies, including mitigate, accept, transfer, and avoid. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy

Course Number:
it_spcsslp19_05_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize the importance of a high-level privacy policy
  • describe information used to specifically identify an individual
  • describe the benefits of breach notifications
  • recognize data protection principles including user consent
  • describe the importance of security during the disposal stage
  • summarize the key concepts covered in this course

Overview/Description

This course explores various issues related to privacy requirements and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) views data protection through its data protection directive, known as the EUDPD. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices

Course Number:
it_spcsslp19_12_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize characteristics of declarative security
  • recognize characteristics of programmatic security
  • recognize how to use defensive coding practices to address concurrency issues leading to race conditions
  • recognize examples of using configuration as a defensive coding practice
  • recognize cryptography elements such as storage, agility, encryption, and algorithm selection
  • recognize examples of using input and output sanitization as a defensive coding practice
  • recognize examples of using error handling as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize examples of using exception management as a defensive coding practice
  • distinguish between safe and unsafe API coding practices
  • distinguish between static and dynamic type safety enforcement
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize examples of tokenizing as a defensive coding practice
  • recognize characteristics of sandboxing as a defensive coding practice
  • summarize the key concepts covered in this course

Overview/Description

In this 19-video course, learners will explore the intricate world of secure coding practices. Topics covered in detail include declarative versus imperative (programmatic) security—whether the security is part of the application or part of the container. Next, survey defensive coding practices and controls such as secure configuration, error handling, and session management. Learners will also explore cryptography, input and output sanitization, error handling, input validation, logging and auditing, and session and exception management. You will learn important information about safe application programming interfaces (APIs), including those that offer different types of functionality: Microsoft's Crypto API and Python's pycrypto both provide cryptographic functions, while popular social media platforms provide their own APIs that programmers can tap into to incorporate aspects of those services. Learn more about useful concepts such as concurrency, type safety, memory management, configuration parameter management, tokenizing, and sandboxing. The course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Design Principles

Course Number:
it_spcsslp19_11_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize how to perform design security reviews
  • design secure assembly architecture for component-based systems, including client-side data storage and network attached storage
  • use security enhancing architecture and design tools
  • use secure design principles and patterns
  • summarize the key concepts covered in this course

Overview/Description

In this 6-video course, you will discover the basic issues involved in how to perform design security reviews, design secure assembly architecture for component-based systems, and use architecture and design tools that enhance security. First, learn to pay attention to the type of operational environment the software will be running under: is the software intended for public use via the Web, or is it only available within a stable, controlled network? Who will be the end users? Will you need to collaborate and coordinate testing, timing, and integration? Learn security patterns, and consider what security-enhancing architecture is available. Next, learn to distinguish between software appropriate for centralized and decentralized systems; identify budgetary constraints, and consider available resources. Will new technologies need to be incorporated into the design at a later date? Your emphasis should be on the future—learning to build a flexible, modular system that can scale up and grow may be imperative. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Lifecycle Management

Course Number:
it_spcsslp19_17_enus
Lesson Objectives

  • identify the objectives of the course
  • describe secure configurations and version control
  • recognize how to establish security milestones
  • recognize the secure software methodology
  • describe security standards and frameworks
  • recognize how to prepare proper security documentation
  • recognize security metrics
  • describe end-of-life policies
  • recognize how data are destroyed
  • recognize how to perform credential removal
  • recognize acceptance, including software qualification testing, planning, and hierarchy
  • identify the characteristics of the pre-release testing process
  • identify characteristics of a post-release plan
  • recognize how to report security status
  • summarize the key concepts covered in this course

Overview/Description

Explore how to use the secure lifecycle management model in this 15-video course. First, learners will hear practical descriptions of secure configurations, version control, how to establish security milestones, and secure software methodology. Then receive an overview of security standards and frameworks, and explore configuration management as it relates to source code version control. Next, the course discusses how to prepare proper security documentation, provides an overview of security metrics, and describes end-of-life policies. Learners will then watch demonstrations of how to perform data destruction and credential removal. You will learn about concepts such as security metrics and governance, risk, and compliance (GRC). The course concludes with useful discussions of what acceptance is, including software qualification testing and planning hierarchy; the characteristics of the pre-release testing process and of a post-release plan; and how and when to report security status. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Software Testing

Course Number:
it_spcsslp19_16_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • identify undocumented functionality in software
  • recognize that there are security implications of test results
  • classify and track security errors using bug tracking and risk scoring
  • recognize how test data is required by different test types
  • recognize the importance of securing test data, including privacy and referential integrity
  • recognize the importance of performing verification and validation testing
  • summarize the key concepts covered in this course

Overview/Description

This 8-video course covers secure software testing best practices, specifically exploring how to perform secure software testing by tracking security errors, securing test data, and verifying and validating test results. Learners will first explore undocumented features—an IT-related term for software bugs or defects—and how to resolve them, including by use of host-based intrusion prevention systems. Next, you will explore the security implications of test results. In general, testing should be performed throughout the software development lifecycle by software testers and by members of the quality assurance (QA) team responsible for testing and for managing software testers. Artifacts—resources which support the development process—are created throughout the lifecycle, including use cases and the test plan, which identifies the objectives of the software test. Learn how to perform secure software testing, track security errors, and verify and validate the results. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture

Course Number:
it_spcsslp19_08_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • identify characteristics of control identification and prioritization
  • recognize types of distributed computing such as client server, peer-to-peer, and message queuing
  • recognize elements of the service-oriented architecture such as enterprise service bus and web services
  • list design considerations for rich Internet applications such as client-side exploits or threats, remote code execution, and constant connectivity
  • describe pervasive computing including IoT, wireless, location-based, RFID, near field communication, and sensor networks
  • list embedded security architecture considerations such as control systems and firmware
  • differentiate between different cloud architectures such as SaaS, PaaS, and IaaS
  • list components of mobile app architecture such as client hardware, client software, interfaces, endpoints, storage, and data transmission
  • list typical security issues relating to mobile applications
  • describe hardware platform concerns
  • summarize the key concepts covered in this course

Overview/Description

Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify characteristics of control identification, or an organization's security controls in an enterprise setting, and how to prioritize an enterprise's existing security controls. The course then examines the elements of distributed computing, a type of parallel computing in which software is divided into multiple tasks. Next, learners will explore service-oriented architecture, which is a collection of services that communicate with each other. You will learn about rich Internet web-based applications and pervasive computing, including the Internet of Things, wireless and sensor networks, embedded security architecture, cloud architectures, mobile app architectures, and hardware platforms. Finally, the course explores how an embedded system is designed to perform a specific operation as part of a larger hardware-based machine or system. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles

Course Number:
it_spcsslp19_02_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • describe least privilege principles such as access control, need-to-know, and run-time privileges
  • recognize separation of duties principles such as multi-party control, secret sharing, and splitting
  • differentiate between different defense in depth principles such as layered controls, input validation, and security zones
  • describe fail safe principles such as exception handling, non-verbose errors, and deny by default
  • recognize economy of mechanism principles such as single sign-on
  • describe complete mediation principles such as cookie management, session management, and caching of credentials
  • describe open design principles such as peer reviewed algorithm
  • recognize least common mechanism principles such as compartmentalization/isolation
  • list psychological acceptability principles such as password complexity and screen layouts
  • leverage existing components such as common controls and libraries
  • eliminate single points of failure
  • summarize the key concepts covered in this course

Overview/Description

This course explores the design principles that help ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, which grants a user the lowest level of rights and permissions needed to perform current tasks, and separation of duties. This course covers the principles of defense in depth, which include multiple overlapping defenses such as layered controls, input validation, and security zones that work together as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling and deny by default. Next, learn to design complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue, psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing, and splitting.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements

Course Number:
it_spcsslp19_03_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • recognize functional requirements
  • recognize non-functional requirements such as reliability, performance, security, accuracy, costs, and maintainability
  • recognize how security requirements are aligned with functional and non-functional requirements
  • describe policy decomposition
  • recognize characteristics of legal and regulatory requirements, as well as compliance with them
  • summarize the key concepts covered in this course

Overview/Description

This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies, as defined by the National Institute of Standards and Technology (NIST), are broken down into issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and the policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance, and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities

Course Number:
it_spcsslp19_13_enus
Lesson Objectives

  • discover the key concepts covered in this course
  • locate and list the OWASP "Top 10"
  • locate and list the CWE list of software weaknesses
  • describe characteristics of injection attacks
  • recognize input validation failures such as buffer overflow, canonical, missing defense functions, and general programming failures
  • differentiate between Common Weakness Enumeration and Common Vulnerabilities and Exposures
  • describe side channels
  • describe social engineering attacks such as phishing
  • identify source code and versioning best practices
  • identify build environment best practices such as anti-tampering techniques and compiler switches
  • recognize characteristics of peer-based code reviews
  • distinguish between static and dynamic code analysis
  • list the steps for code signing
  • analyze reused code for security vulnerabilities
  • differentiate between static and dynamic analysis
  • search for and identify malicious code
  • securely reuse third party code or libraries
  • recognize how to securely integrate components such as systems of systems integration
  • debug security errors
  • summarize the key concepts covered in this course

Overview/Description

Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between the CWE and Common Vulnerabilities and Exposures (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reused code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, and source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Target

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies

Course Number:
it_spcsslp19_10_enus
Lesson Objectives

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies

  • discover the key concepts covered in this course
  • distinguish between characteristics of authentication and identity management
  • recognize characteristics of credential management
  • distinguish between flow control methods
  • recognize characteristics of logging
  • recognize characteristics of data loss prevention
  • identify benefits of virtualization in secure software design
  • recognize types of rights expression languages in digital rights management
  • recognize characteristics of trusted computing
  • distinguish between database security techniques
  • distinguish between compilers, interpreters, and hybrid source codes
  • recognize characteristics of operating systems
  • summarize the key concepts covered in this course

Overview/Description

In this 13-video course, learners can explore best practices for securing commonly used architecture and technologies such as virtualization, databases, and the programming language environment. First, learn the three steps involved in authentication and identity management. Next, learn the principles of credential management and protecting credentials used for authentication, including passwords, tokens, biometrics, and certificates. Learners will then examine logging, or recording a user's actions within a system, and data flow control methods. Next, learn about data loss prevention as an in-depth security strategy that encompasses many different technologies. Learn how virtualization allows software to be hosted in a virtual environment. Learners will then examine digital rights management (DRM), which restricts access to content that is not local in order to secure digital content and protect intellectual property. Finally, the course explores the basis of trusted computing—the hardware, software, and firmware components critical to securing a system—which includes discussion of programming languages and operating systems. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Target

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance

Course Number:
it_spcsslp19_15_enus
Lesson Objectives

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance

  • discover the key concepts covered in this course
  • recognize characteristics of testing artifacts
  • identify characteristics of functional testing
  • distinguish between nonfunctional testing methods
  • distinguish between white, grey, and black box testing
  • identify environment best practices for ensuring secure software testing
  • distinguish between bug tracking states
  • recognize the areas covered by the ISO 9126 standard
  • describe the Systems Security Engineering Capability Maturity Model standard
  • describe the open source security testing methodology manual standard
  • describe the DoD Information Assurance Certification and Accreditation Process standard
  • test data lifecycle management
  • summarize the key concepts covered in this course

Overview/Description

In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the Systems Security Engineering Capability Maturity Model and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standard, under which any Department of Defense-owned or -controlled information system must be certified, irrespective of classification or sensitivity level. Learn about data lifecycle management, a practice that defines and structures the steps that should be taken in order to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Target

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types

Course Number:
it_spcsslp19_14_enus
Lesson Objectives

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types

  • discover the key concepts covered in this course
  • recognize the different categories of software testing, such as incremental integration testing and usability testing
  • identify the four steps in the penetration process
  • recognize characteristics of the fuzzing method
  • recognize characteristics of scanning
  • recognize characteristics of simulation testing
  • recognize characteristics of testing for failure
  • recognize characteristics of cryptographic validation
  • recognize characteristics of regression testing
  • recognize characteristics of continuous testing
  • recognize characteristics of attack surface validation for software testing
  • recognize how to perform unit testing
  • perform an impact assessment
  • summarize the key concepts covered in this course

Overview/Description

This 14-video course explores essential testing types—including penetration testing, scanning, simulation testing, failure testing, and cryptographic validation—and the best practices associated with them. You will also learn more about other types, such as fuzzing, regression testing, continuous testing, attack surface validation, and unit testing. Learn about certification testing, performed as part of a certification process, and about load or stress testing, which determines how the system operates under heavy loads and what effect load has on the system. You will be introduced to ISECOM's Open Source Security Testing Methodology Manual, a comprehensive methodology related to penetration and security testing, security analysis, and measuring operational security. It includes test cases whose outcomes provide verified facts, amounting to actionable information that can tangibly and measurably improve operational security. Become familiar with how to perform an impact assessment, learn why defects discovered during testing must be addressed, and learn the meaning of the Priority and Severity levels derived from the defect report. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Target

Prerequisites: none

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling

Course Number:
it_spcsslp19_07_enus
Lesson Objectives

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling

  • discover the key concepts covered in this course
  • describe the process of threat modeling
  • recognize how to model common threats
  • recognize how to perform attack surface evaluation
  • measure an attack surface
  • recognize how to minimize the attack surface
  • summarize the key concepts covered in this course

Overview/Description

This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third-party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective, which sets the foundation for the threat model development. You will examine the six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers the software attack surface, meaning any point in the system code that can be accessed by an unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.



Target

Prerequisites: none
