CSSLP: Secure Software Design


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number
Expertise Level



Overview/Description
Security practices must be integrated in every aspect of software design. In this course, you'll explore secure software design processes such as attack surface evaluation, threat modeling, control identification, and prioritization. You'll also be introduced to specific design considerations to keep in mind like addressing core security concepts and interconnectivity. Finally, this course covers best practices for securing commonly used architecture and technologies like virtualization, database, and the programming language environment. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Target Audience
Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam

Prerequisites
None

Expected Duration (hours)
2.5

Lesson Objectives

CSSLP: Secure Software Design

  • start the course
  • measure and minimize attack surface
  • recognize threat modeling techniques and the purpose of documentation
  • identify characteristics of control identification and prioritization
  • identify characteristics of design and architecture technical review
  • identify characteristics of risk assessment for code reuse
  • distinguish between applicable methods to address core security concepts
  • recognize security design principle best practices
  • distinguish between interconnectivity activities best practices
  • identify interfaces best practices
  • distinguish between the different architectural forms and supporting elements of secured distributed computing
  • recognize best practices for securing service-oriented architecture
  • recognize best practices for securing rich Internet applications
  • recognize best practices for securing pervasive and ubiquitous computing
  • recognize best security practices when integrating with existing architectures
  • recognize best practices for securing cloud architectures
  • recognize best practices for securing mobile applications
  • distinguish between characteristics of authentication and identity management
  • recognize characteristics of credential management
  • distinguish between flow control methods
  • recognize characteristics of logging
  • recognize characteristics of data loss prevention
  • identify benefits of virtualization in secure software design
  • recognize types of Rights Expression Language or REL in Digital Rights Management or DRM
  • recognize characteristics of trusted computing
  • distinguish between database security techniques
  • distinguish between compilers, interpreters, and hybrid source codes
  • recognize characteristics of operating systems
  • distinguish between control systems and firmware
  • identify best practices for designing secure software
  • Course Number:
    sp_slcp_a03_it_enus

    Expertise Level
    Intermediate