(ISC)²

UOP-CYB505: Secure Software Development

(UOP-CYB505.AO2)
Lessons
TestPrep
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Secure Software Concepts

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Accountability (Auditing and Logging)
  • Nonrepudiation
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • System Tenets
  • Secure Design Tenets
  • Security Models
  • Adversaries
2

Secure Software Requirements

  • Functional Requirements
  • Operational and Deployment Requirements
  • Connecting the Dots
  • Regulations and Compliance
  • Data Classification
  • Privacy
  • Misuse/Abuse Cases
  • Requirements Traceability Matrix
  • Software Acquisition
3

Secure Software Design

  • Perform Threat Modeling
  • Define the Security Architecture
  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Nonfunctional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools
4

Secure Software Implementation

  • Declarative vs. Imperative Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Secure Design Principles
  • Interconnectivity
  • Cryptographic Failures
  • Input Validation Failures
  • General Programming Failures
  • Technology Solutions
  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Code Review Objectives
  • Additional Sources of Vulnerability Information
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Security Risks
  • Implement Security Controls
  • Applying Security via the Build Environment
  • Anti-tampering Techniques
  • Defensive Coding Techniques
  • Primary Mitigations
  • Secure Integration of Components
5

Secure Software Testing

  • Security Test Cases
  • Attack Surface Evaluation
  • Penetration Testing
  • Common Methods
  • Develop a Security Testing Strategy and a Plan
  • Functional Security Testing
  • Nonfunctional Security Testing
  • Testing Techniques
  • Environment
  • Standards
  • Crowd Sourcing
  • Perform Verification and Validation Testing
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
6

Secure Lifecycle Management, Software Deployment, Operations, Maintenance and Supply Chain

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Incorporate Integrated Risk Management
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement
  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring
  • Support Incident Response
  • Perform Patch Management
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives and Service Level Agreements
  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support Contractual Requirements