Introduction
Prepping for the CSSLP
1. Domain 1: Secure Software Concepts
Secure software concepts
What you should know
The goals of application security
2. The CIA Triad
Confidentiality
Integrity
Availability
3. Identity and Access Management
Authentication
Authorization
Accountability
Nonrepudiation
Governance, risk, and compliance
4. Access Controls
Least privilege
Separation of duties
Economy of mechanism
Complete mediation
5. Design Considerations
Defense in depth
Resiliency
Open design
Least common mechanism
Psychological acceptability
Leveraging existing components
Eliminate single point of failure
Diversity of defense
6. Domain 2: Secure Software Lifecycle Management
Secure software lifecycle management
7. Laying Your Foundation
Strategy and roadmap
Development methodologies
Integrated risk management
Promote security culture
8. Setting Expectations
Security standards and frameworks
Security documentation
Hardware and software configuration
Ongoing configuration management
9. Improving Over Time
Decommission software
Manage licenses and archives
Security metrics
Reporting security status
Continuous improvement
Implement secure operations practices
10. Domain 3: Secure Software Requirements
Determining security requirements
11. Security Requirements
Functional requirements
Nonfunctional requirements
Policy decomposition
Legal, regulatory, and industry
12. Privacy Requirements
Security vs. privacy
Data anonymization
User consent
Disposition
Private data storage
13. Data Classification Requirements
Data ownership
Labeling
Types of data
Data lifecycle
14. Validating Your Requirements
Misuse and abuse cases
Software requirement specifications
Security requirement traceability matrix
15. Domain 4: Secure Software Architecture and Design
Secure software design
16. Threat Modeling
What is threat modeling?
Understand common threats
Attack surface evaluation
17. Security Architecture
Secure architecture and design patterns
Identifying and prioritizing controls
Traditional application architectures
Pervasive and ubiquitous computing
Rich internet and mobile applications
Cloud architectures
Embedded system considerations
Architectural risk assessments
Component-based systems
Security enhancing tools
Cognitive computing
Control systems
18. Security Design
Components of a secure environment
Designing network and server controls
Designing data controls
Secure design principles and patterns
Secure interface design
Security architecture and design review
Secure operational architecture
19. Modeling
Nonfunctional properties and constraints
Data modeling and classification
20. Domain 5: Secure Software Implementation
Secure software implementation
21. Secure Coding Practices
Declaring variables
Inputs and outputs
Protecting secrets
Data-flow security
Deployment and operations
Isolation techniques
Processor microarchitecture security
22. Finding and Fixing Vulnerabilities
Identifying risks
The OWASP Top 10: 1-5
The OWASP Top 10: 6-10
Common Weakness Enumeration (CWE)
Addressing risks
23. Component Security
Third-party code and libraries
Component integration
Implementing security controls
Security in the build process
24. Domain 6: Secure Software Testing
Secure software testing
25. Developing Security Test Cases
Understanding your test environment
Automation vs. manual testing
Ensuring a comprehensive approach
Validating cryptography
26. Developing a Testing Strategy
Grouping your tests
Leveraging external resources
Verifying and validating documentation
27. Conducting Security Tests
Securing test data
Verification and validation testing
Identifying undocumented functionality
28. Reviewing the Results
Security implications of test results
Classifying and tracking security errors
29. Domain 7: Secure Software Deployment, Operations, and Maintenance
Secure software deployment, operations, and maintenance
30. Deploying Your Software
Performing an operational risk analysis
Releasing software securely
Storing and managing security data
Ensuring secure installation
Post-deployment security testing
31. Shifting Into Operations
Obtaining security approval to operate
Continuous security monitoring
Support incident response
Support continuity of operations
Service level objectives and agreements
32. Maintaining Your Software
Patch management
Vulnerability management
Runtime protection
33. Domain 8: Secure Software Supply Chain
Secure software supply chain
34. Supply Chain Risk Management
Identifying and selecting components
Assessing components' risks
Responding to those risks
Monitoring changes and vulnerabilities
Maintaining third-party components
35. Ensure Software Security
Analyzing third-party software security
Verifying pedigree and provenance
36. Get It in Writing
Security in the acquisition process
Contractual requirements
37. Exam Logistics
Registering for the exam
Exam environment
Passing the exam
Exam tips
Practice tests
Experience requirements
Continuing education requirements