(ISC)²

CIS1550 Introduction for Secure Programming

(OAKCC-CIS1550.AO2)
Lessons
Lab
TestPrep
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course
  • The Examination
  • Exam Objective Map
  • CSSLP Version 3 (2020)
2

Core Concepts

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Accountability (Auditing and Logging)
  • Nonrepudiation
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Lesson Review
3

Security Design Principles

  • System Tenets
  • Secure Design Tenets
  • Security Models
  • Adversaries
  • Lesson Review
4

Define Software Security Requirements

  • Functional Requirements
  • Operational and Deployment Requirements
  • Connecting the Dots
  • Lesson Review
5

Identify and Analyze Compliance Requirements

  • Regulations and Compliance
  • Data Classification
  • Privacy
  • Lesson Review
6

Misuse and Abuse Cases

  • Misuse/Abuse Cases
  • Requirements Traceability Matrix
  • Software Acquisition
  • Lesson Review
7

Secure Software Architecture

  • Perform Threat Modeling
  • Define the Security Architecture
  • Lesson Review
8

Secure Software Design

  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Nonfunctional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools
  • Lesson Review
9

Secure Coding Practices

  • Declarative vs. Imperative Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Secure Design Principles
  • Interconnectivity
  • Cryptographic Failures
  • Input Validation Failures
  • General Programming Failures
  • Technology Solutions
  • Lesson Review
10

Analyze Code for Security Risks

  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Code Review Objectives
  • Additional Sources of Vulnerability Information
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Lesson Review
11

Implement Security Controls

  • Security Risks
  • Implement Security Controls
  • Applying Security via the Build Environment
  • Anti-tampering Techniques
  • Defensive Coding Techniques
  • Primary Mitigations
  • Secure Integration of Components
  • Lesson Review
12

Security Test Cases

  • Security Test Cases
  • Attack Surface Evaluation
  • Penetration Testing
  • Common Methods
  • Lesson Review
13

Security Testing Strategy and Plan

  • Develop a Security Testing Strategy and a Plan
  • Functional Security Testing
  • Nonfunctional Security Testing
  • Testing Techniques
  • Environment
  • Standards
  • Crowd Sourcing
  • Lesson Review
14

Software Testing and Acceptance

  • Perform Verification and Validation Testing
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
  • Lesson Review
15

Secure Configuration and Version Control

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Lesson Review
16

Software Risk Management

  • Incorporate Integrated Risk Management
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement
  • Lesson Review
17

Secure Software Deployment

  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Lesson Review
18

Secure Software Operations and Maintenance

  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring
  • Support Incident Response
  • Perform Patch Management
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives and Service Level Agreements
  • Lesson Review
19

Software Supply Chain Risk Management

  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Lesson Review
20

Supplier Security Requirements

  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support Contractual Requirements
  • Lesson Review

1

Core Concepts

  • Protecting Data in Transit and at Rest
  • Protecting Sensitive Data and Functions
2

Secure Software Design

  • Protecting Database Access
3

Secure Coding Practices

  • Identifying Vulnerabilities in a Software Project
  • Finding Common Web Vulnerabilities
  • Examining the Project Files
  • Reviewing Error Handling
  • Identifying Software Defects and Misconfiguration
4

Analyze Code for Security Risks

  • Identifying Vulnerabilities in an Application
  • Cracking a Password Hash
  • Fixing a Password Hash Vulnerability
5

Implement Security Controls

  • Designing for Security
  • Managing People Risks
6

Security Test Cases

  • Performing a Memory-Based Attack
  • Improving Error Handling
  • Performing Manual Inspection and Review
  • Performing Code Analysis
  • Using a Test Suite to Automate Unit Testing
  • Monitoring and Logging a Deployed Application
  • Handling Privacy Defects
  • Handling Authentication and Authorization Defects
  • Staging a Persisted XSS Attack on an Administrator Function
7

Secure Configuration and Version Control

  • Managing Software Development Process Risks

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact Us Now

Related Courses

All Courses
We use cookies for improving site experience and analytics. Learn More