Contents

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Previous Chapter

CSSLP® Certification All-in-One Exam Guide, Second Edition

Acknowledgments

CONTENTS

Acknowledgments

Exam Readiness Checklist

Part I Secure Software Concepts

Chapter 1 General Security Concepts

General Security Concepts

Security Basics

Secure Design Tenets

Security Models

Access Control Models

Multilevel Security Model

Integrity Models

Information Flow Models

Adversary Groups

Threat Landscape Shift

Chapter 2 Risk Management

Definitions and Terminology

Quantitative Terms

Risk Management Statements

Technology Risk

Qualitative Risk Management

Qualitative Matrix

Quantitative Risk Management

Comparison of Qualitative and Quantitative Methods

Governance, Risk, and Compliance

Regulations and Compliance

Risk Management Models

General Risk Management Model

Software Engineering Institute Model

Model Application

Chapter 3 Security Policies and Regulations

Regulations and Compliance

Gramm-Leach-Bliley

HIPAA and HITECH

Payment Card Industry Data Security Standard (PCI DSS)

Other Regulations

Intellectual Property

Personally Identifiable Information

Personal Health Information

Breach Notifications

Data Protection Principles

California Consumer Privacy Act 2018 (AB 375)

Security Standards

Secure Software Architecture

Security Frameworks

Trusted Computing

Trusted Computing Base

Trusted Platform Module

Microsoft Trustworthy Computing Initiative

Definitions and Terminology

Build vs. Buy Decision

Contractual Terms and Service Level Agreements

Chapter 4 Software Development Methodologies

Secure Development Lifecycle

Security vs. Quality

Security Features != Secure Software

Secure Development Lifecycle Components

Software Team Awareness and Education

Gates and Security Requirements

Threat Modeling

Security Reviews

Software Development Models

Microsoft Security Development Lifecycle

Part II Secure Software Requirements

Chapter 5 Policy Decomposition

Confidentiality, Integrity, and Availability Requirements

Confidentiality

Authentication, Authorization, and Auditing Requirements

Identification and Authentication

Access Control Mechanisms

Internal and External Requirements

Chapter 6 Data Classification and Categorization

Data Classification

Data Risk Impact

Chapter 7 Requirements

Functional Requirements

Role and User Definitions

Activities/Actions

Subject-Object-Activity Matrix

Abuse Cases (Inside and Outside Adversaries)

Sequencing and Timing

Secure Coding Standards

Operational Requirements

Deployment Environment

Requirements Traceability Matrix

Connecting the Dots

Part III Secure Software Design

Chapter 8 Design Processes

Attack Surface Evaluation

Attack Surface Measurement

Attack Surface Minimization

Threat Modeling

Threat Model Development

Control Identification and Prioritization

Risk Assessment for Code Reuse

Design and Architecture Technical Review

Chapter 9 Design Considerations

Application of Methods to Address Core Security Concepts

Confidentiality, Integrity, and Availability

Authentication, Authorization, and Auditing

Secure Design Principles

Interconnectivity

Chapter 10 Securing Commonly Used Architecture

Distributed Computing

Message Queuing

Service-Oriented Architecture

Enterprise Service Bus

Rich Internet Applications

Client-Side Exploits or Threats

Remote Code Execution

Pervasive/Ubiquitous Computing

Constant Connectivity

Radio Frequency Identification

Near-Field Communication

Sensor Networks

Mobile Applications

Integration with Existing Architectures

Cloud Architectures

Software as a Service

Platform as a Service

Infrastructure as a Service

Chapter 11 Technologies

Authentication and Identity Management

Identity Management

Credential Management

X.509 Credentials

Flow Control (Proxies, Firewalls, Middleware)

Application Firewalls

Queuing Technology

Data Loss Prevention

Digital Rights Management

Trusted Computing

Database Security

Privilege Management

Programming Language Environment

Compiler Switches

Managed vs. Unmanaged Code

Operating Systems

Embedded Systems

Control Systems

Part IV Secure Software Implementation/Programming

Chapter 12 Common Software Vulnerabilities and Countermeasures

CWE/SANS Top 25 Vulnerability Categories

OWASP Vulnerability Categories

Common Vulnerabilities and Countermeasures

Injection Attacks

Cryptographic Failures

Input Validation Failures

Buffer Overflow

Missing Defense Functions

General Programming Failures

Common Enumerations

Common Weakness Enumerations (CWE)

Common Vulnerabilities and Exposures (CVE)

Embedded Systems

Social Engineering Attacks

Chapter 13 Defensive Coding Practices

Declarative vs. Programmatic Security

Cryptographic Agility

Handling Configuration Parameters

Memory Management

Type-Safe Practice

Exception Management

Interface Coding

Primary Mitigations

Learning from Past Mistakes

Chapter 14 Secure Software Coding Operations

Code Analysis (Static and Dynamic)

Code/Peer Review

Build Environment

Integrated Development Environment (IDE)

Antitampering Techniques

Configuration Management: Source Code and Versioning

Part V Secure Software Testing

Chapter 15 Security Quality Assurance Testing

Standards for Software Quality Assurance

Testing Methodology

Functional Testing

Integration or Systems Testing

Performance Testing

Regression Testing

Security Testing

White-Box Testing

Black-Box Testing

Grey-Box Testing

Vulnerabilities

Attack Surface Validation

Testing Artifacts

Test Data Lifecycle Management

Chapter 16 Security Testing

Attack Surface Analyzer

Penetration Testing

Simulation Testing

Testing for Failure

Cryptographic Validation

Regression Testing

Impact Assessment and Corrective Action

Part VI Secure Lifecycle Management

Chapter 17 Secure Lifecycle Management

Introduction to Acceptance

Software Qualification Testing

Qualification Testing Plan

Qualification Testing Hierarchy

Pre-release Activities

Implementing the Pre-release Testing Process

Completion Criteria

Risk Acceptance

Post-release Activities

Validation and Verification

Independent Testing

Part VII Software Deployment, Operations, and Maintenance

Chapter 18 Secure Software Installation and Deployment

Secure Software Installation and Its Subsequent Deployment

Installation Validation and Verification

Planning for Operational Use

Configuration Management

Organizing the Configuration Management Process

Configuration Management Roles

The Configuration Management Plan

The Configuration Management Process

Chapter 19 Secure Software Operations and Maintenance

Secure Software Operations

Operations Process Implementation

The Software Maintenance Process

Incident Management

Problem Management

Change Management

Backup, Recovery, and Archiving

Secure Software Disposal

Software Disposal Planning

Software Disposal Execution

Part VIII Supply Chain and Software Acquisition

Chapter 20 Supply Chain and Software Acquisition

Supplier Risk Assessment

What Is Supplier Risk Assessment?

Risk Assessment for Code Reuse

Intellectual Property

Legal Compliance

Supplier Prequalification

Supplier Sourcing

Contractual Integrity Controls

Vendor Technical Integrity Controls for Third-Party Suppliers

Managed Services

Service Level Agreements

Software Development and Testing

Security Testing Controls

Software Requirements Testing and Validation

Software Requirements Testing and Validation for Subcontractors

Software Delivery, Operations, and Maintenance

Chain of Custody

Publishing and Dissemination Controls

System-of-Systems Integration

Software Authenticity and Integrity

Product Deployment and Sustainment Controls

Monitoring and Incident Management

Vulnerability Management, Tracking, and Resolution

Supplier Transitioning

Appendix About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Single User License Terms and Conditions

TotalTester Online

Technical Support

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

18.222.37.169