CSSLP® (Certified Secure Software Lifecycle Professional)

Author: Kevin Henry

Many software development projects and applications written today are vulnerable to attack or compromise and lack effective security and compliance controls. Why? Most...

In this series, you will learn core secure software development concepts, such as confidentiality, integrity and availability, and secure design principles such as least privilege, separation of duties, and defense in depth; the methodologies, models and architectural techniques needed to develop an enterprise-wide security and business solution; and the benefits of following coding standards and how documentation can help in the maintenance and operations of software. These courses will also help you prepare for the Certified Secure Software Lifecycle Professional (CSSLP®) certification exam.

Preparing for an (ISC)2® Certification Exam

by Kevin Henry

Mar 31, 2018 / 17m

Description

Preparing for an (ISC)2® examination can be difficult and stressful. In this course, Preparing for an (ISC)2® Certification Examination, you will learn how to set yourself up for success, prior to taking the exam. First, you will delve into the test-taking process. Next, you will discover some helpful tips and tricks to pass the exam. Last, you will learn how to develop a study plan. When you are finished with this course, you will have the skills and knowledge needed to be prepared for an (ISC)2 exam.

Table of contents
  1. Course Overview (1m)
  2. The (ISC)2® Exam Format (12m)
  3. How to Prepare for an (ISC)2® Examination (3m)

CSSLP®: Secure Software Concepts

by Kevin Henry

Aug 8, 2017 / 4h 35m

Description

Many applications written today are vulnerable to attack or compromise. This is because many developers are unaware of how to incorporate security principles into their applications. In this course, CSSLP®: Secure Software Concepts, you'll learn the foundational concepts of security in relation to application development, and be provided with the basis for building secure software that will withstand the attacks it will face - both accidental and intentional adverse events. First, you'll explore core concepts of secure software. Next, you'll dive into understanding the process of security design. Finally, you'll cover how to understand risk in a controlled environment as it applies to software. By the end of this course, you'll have a solid understanding of the core secure software concepts and be prepared to progress into the next domain.

Table of contents
  1. Course Overview (2m)
  2. Secure Software Core Concepts (1h 57m)
  3. Secure Software Concepts (2h 36m)

CSSLP®: Secure Software Requirements

by Kevin Henry

Aug 28, 2017 / 3h 24m

Description

Many software development projects fail to meet business requirements and lack effective security and compliance controls. This is frequently blamed on problems with requirements gathering. The lack of expertise in requirements gathering often leads to inadequate design and poor development of software applications. In this course, CSSLP®: Secure Software Requirements, you'll prepare to develop, implement, and operate secure software programs and to take the CSSLP examination. First, you'll explore the core concepts of secure software. Next, you'll discover the process of security design. Finally, you'll get a better understanding of risk and the control environment as it applies to software. By the end of this course, you'll have a solid understanding of the core secure software concepts and be prepared to progress into the next domain of secure software requirements.

Table of contents
  1. Course Overview (1m)
  2. Identity Security Requirements (49m)
  3. Interpret Data Classification Requirements (50m)
  4. Include Security in Software Requirement Specifications (1h 43m)

CSSLP®: Secure Software Design

by Kevin Henry

Oct 10, 2017 / 5h 48m

Description

Many software development projects fail to meet business requirements and address security risks adequately. In this course, CSSLP®: Secure Software Design, you'll learn how to address the business functional and security requirements for new and modified software. First, you'll explore the methodologies, models, and architectural techniques that you'll use to develop an enterprise-wide security and business solution. Next, you'll discover how to establish trusted interfaces to other systems. Finally, you'll delve into the fascinating world of encryption. By the end of this course, you'll have the necessary knowledge to design effective and secure software.

Table of contents
  1. Course Overview (1m)
  2. Requirements Allocation (1h 2m)
  3. Define the Security Architecture (2h 0m)
  4. Performing Secure Interface Design (1h 0m)
  5. Design Secure Assembly Architecture for Component-based Systems (1h 43m)

CSSLP®: Secure Software Implementation and Programming

by Kevin Henry

Nov 14, 2017 / 2h 17m

Description

Most applications are built with a focus solely on functionality and the need to support business operations, but you know that programs must also be built to be secure. In this course, CSSLP®: Secure Software Implementation and Programming, you'll learn about an important domain for the CSSLP candidate and the areas covered in this part of the examination. First, you'll learn the nature of common application vulnerabilities and the ways to mitigate and harden your systems to prevent security failures. Next, you'll discover the benefits of following coding standards and how documentation can help in the maintenance and operations of software. Finally, you'll explore how to identify software vulnerabilities and how to perform testing of units of code. By the end of this course, you'll gain an understanding of the need to build integrated solutions and consistently high-quality code modules.

Table of contents
  1. Course Overview (2m)
  2. Follow Secure Coding Practices (1h 37m)
  3. Testing and Verification (22m)
  4. Malware (15m)

CSSLP®: Secure Software Testing

by Kevin Henry

Feb 2, 2018 / 2h 5m

Description

Testing software requires a test strategy, plans and scripts that ensure that all aspects of the software have been tested - both from a functional and non-functional angle. In this course, CSSLP®: Secure Software Testing, you will gain understanding of how testing should discover deficiencies and ensure that all problems are resolved prior to implementation. First, you will discover how to develop test plans and scripts. Next, you will learn about vulnerability assessments and penetration testing. Finally, you will explore how to track and resolve software problems. By the end of this course, you will be prepared to progress into the next domain of CSSLP®.

Table of contents
  1. Course Overview (1m)
  2. Develop the Test Plan (46m)
  3. Developing and Acquiring Test Data (28m)
  4. Executing the Test Plan (35m)
  5. Working from Test Results (13m)

CSSLP®: Secure Lifecycle Management

by Kevin Henry

Feb 10, 2018 / 1h 53m

Description

In this course, CSSLP®: Secure Lifecycle Management, you will learn how to ensure that software is designed and developed to operate securely, and will remain secure even as changes are made in the software itself or in its operational environment. First, you will learn about software support in business and management requirements to protect data and business assets and comply with laws and regulations. Next, you will learn about the need for version control and the value of documentation. Finally, you will touch on the decommissioning of software, which presents security challenges that are addressed in this course. By the end of this course, you'll be prepared to progress into the next domain of the CSSLP®.

Table of contents
  1. Course Overview (1m)
  2. Identify Security Standards and Frameworks (41m)
  3. Secure Configuration (50m)
  4. Decommission Software (20m)

CSSLP®: Software Deployment, Operations, and Maintenance

by Kevin Henry

Mar 17, 2018 / 2h 27m

Description

This course, CSSLP®: Software Deployment, Operations, and Maintenance, addresses the topics the exam candidate needs to know to preserve the security of software throughout its operational life. First, you will learn how to ensure that software is secured in its operational environment. Next, you will touch on how security has to be tailored to meet environmental risk and operational challenges. Finally, you will gain an understanding of how patches must be applied and backups taken to ensure resilience and operational integrity. By the end of this course, you'll be prepared to progress into the next domain of the CSSLP®.

Table of contents
  1. Course Overview (2m)
  2. Secure Software Deployment (45m)
  3. Secure Software Operations (51m)
  4. Secure Software Maintenance (48m)

CSSLP®: Supply Chain and Software Acquisition

by Kevin Henry

Mar 19, 2018 / 45m

Description

Your organization may outsource software development, and it almost certainly purchases software from vendors. How can you contribute to ensuring that vendor-supplied products meet regulatory and business needs and provide oversight for software development and implementation when provided by a third party? In this course, CSSLP®: Supply Chain and Software Acquisition, you will first learn about the need to ensure security controls. Next, you will learn about ensuring the development process by a software vendor. Finally, you will touch on the process of updating and maintaining third-party software. By the end of this course, you'll have completed all 8 courses on the CSSLP® exam.

Table of contents
  1. Course Overview (1m)
  2. Analyze Security of Third Party Software (22m)
  3. Provide Support to the Acquisition Process (20m)

What you will learn

  • Protecting data and business assets and complying with laws and regulations
  • Following coding standards and how documentation can help in the maintenance and operations of software
  • Developing test plans and scripts
  • Identifying software vulnerabilities and how to perform testing of units of code
  • Managing each phase of the software development lifecycle
  • Tailoring security to meet environmental risk and operational challenges
  • Supporting incident response, patch and vulnerability management, and continuity of operations
  • Supporting the software acquisitions process

Pre-requisites

CSSLP® candidates are required to have a minimum of four years of cumulative, paid, full-time, professional software development lifecycle experience in at least one of the eight CSSLP® Common Body of Knowledge (CBK) domains. This series requires basic knowledge of software development and project management.