CSSLP: Secure Software Implementation and Coding



Overview/Description
Building security controls into software implementation and coding is vital for the security of the end product. In this course, you'll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and the Common Weakness Enumeration (CWE) as security references, and defensive coding practices and controls such as configuration, error handling, and session management. This course also covers essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Target Audience
Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam

Prerequisites
None

Expected Duration (hours)
2.1

Lesson Objectives

CSSLP: Secure Software Implementation and Coding

  • start the course
  • recognize characteristics of declarative security
  • recognize characteristics of programmatic security
  • locate and list the Open Web Application Security Project or OWASP "Top 10"
  • locate and list the Common Weakness Enumeration or CWE list of software weaknesses
  • recognize examples of using concurrency as a defensive coding practice
  • recognize examples of using configuration as a defensive coding practice
  • recognize examples of using cryptology as a defensive coding practice
  • recognize examples of using output sanitization as a defensive coding practice
  • recognize examples of using error handling as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize examples of using exception management as a defensive coding practice
  • distinguish between safe and unsafe application programming interface or API coding practices
  • distinguish between examples of static and dynamic type safety enforcement
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize examples of tokenizing as a defensive coding practice
  • recognize characteristics of sandboxing as a defensive coding practice
  • identify source code and versioning best practices
  • identify build environment best practices
  • recognize characteristics of peer-based code reviews
  • distinguish between static and dynamic code analysis
  • list the steps for code signing
  • identify techniques for defensive and secure coding

Course Number
sp_slcp_a04_it_enus

Expertise Level
Intermediate