Introduction

In a day and age when security breaches in software are costing companies large fines and regulatory burdens, developing software that is reliable in its functionality, resilient against attackers, and recoverable when expected business operations are disrupted is a must-have. The assurance of confidentiality, integrity and availability is becoming an integral part of software development.

(ISC)2® has a proven track record in educating and certifying information security professionals and is the global leader in information security. Its newest certification, the Certified Secure Software Lifecycle Professional (CSSLP®), is a testament to the organization’s ongoing commitment to information security in general and to software security in particular. A decade from now, it is highly unlikely that anyone involved with software development would do so without giving attention to the security aspects of software development. The CSSLP certification is therefore a must-have for all the stakeholders, from the business analyst and builder of code to the executives in the boardroom, who either interface with or participate in a software development project.

The CSSLP takes a holistic approach to secure software development. It covers the people, process and technology elements of developing software securely throughout the entire lifecycle of a project. Starting with requirements analysis and proceeding through design, implementation, release and operations to final retirement, the CSSLP covers all of the necessary aspects of secure software development. Since software is not developed and executed in a silo, the CSSLP not only focuses on the security aspects of software development, but also takes into account the security aspects of the networks and hosts on which the software will run. Additionally, it takes a strategic long-term view to improve the overall state of software security within an organization while providing tactical solutions. The CSSLP certification is vendor agnostic and language agnostic.

The following list represents the current seven domains of the CSSLP common body of knowledge (CBK®) and the high-level topics covered in each domain. A comprehensive list can be obtained by requesting the Candidate Information Bulletin from the (ISC)2 website at www.isc2.org.

  1. Secure Software Concepts

    Without a strong foundation, buildings have been known to collapse, and the same is true when it comes to building software. For software to be secure and resilient against hackers, it must take into account certain foundational concepts of information security. These include confidentiality, integrity, availability, authentication, authorization, auditing, and the management of sessions, exceptions/errors, and configuration. The candidate is expected to be familiar with these foundational concepts and how to apply them while developing software. They must be familiar with the principles of risk management and governance as they apply to software development. Regulatory, privacy and compliance requirements that impose the need for secure software, and the repercussions of non-compliance, must be understood. Security models and trusted computing concepts that can be applied in software that is built in-house or purchased are covered, and it is imperative that the candidate is familiar with their application.

  2. Secure Software Requirements

    The lack of secure software requirements plagues many software development projects today. It is important to explicitly articulate and capture the security requirements that need to be designed and implemented in the software and recorded in the requirements traceability matrix; without this, software not only suffers from poor product quality, but also from extended timelines, increased cost of re-architecture, end-user dissatisfaction and even security breaches. The internal and external sources of secure software requirements, along with the processes to elicit these requirements, are covered. Protection needs elicitation using data classification, use and misuse case modeling, subject-object matrices, and sequencing and timing aspects as they pertain to software development is to be thoroughly understood. The candidate is expected to be familiar with these sources and processes that can be used for determining secure software requirements.

  3. Secure Software Design

    Addressing security early in the life cycle is not only less costly but also resource- and schedule-efficient. Securely designing software takes into account several secure design principles, such as least privilege, separation of duties, open design and complete mediation. Threat modeling that is initiated in the design phase is an important activity that helps in identifying threats to software and the controls that should be implemented to address the risk. The candidate must be familiar with the principles of designing software securely, know how to threat model software, and be aware of the inherent security benefits that are present or lacking in different architectures. Practical knowledge of how to conduct a design and architecture review from a security perspective is expected.

  4. Secure Software Implementation/Coding

    Writing secure code is one of the most important aspects of secure software development. There are several software development methodologies, ranging from the traditional Waterfall model to current agile development methodologies such as extreme programming and Scrum. The security benefits and drawbacks of each of these methodologies must be understood. Code that is written without the appropriate implementation of secure controls is prone to attack. Some of the most common attacks against software applications today include injection attacks against databases and directory stores, cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and buffer overflows. It is important to be familiar with how a vulnerability can be exploited and what controls can be implemented to address the risk. The anatomy of the attacks that exploit the vulnerabilities published by the Open Web Application Security Project (OWASP) as the Top Ten application security risks and the CWE/SANS Top 25 most dangerous software errors is to be known. Additionally, one is expected to know defensive coding techniques and processes, including memory management, static and dynamic code analysis, code/peer review, and build/compiler security.

  5. Secure Software Testing

    The importance of validating the presence of, and verifying the effectiveness of, security controls implemented in software cannot be overstated. The reliability, resiliency and recoverability aspects of software assurance can be accomplished using quality assurance and security testing. What to test, who is to test, and how to test software for security issues must be understood. The candidate must be familiar with the characteristics of and differences between black box, white box and gray box testing, and know about the different types of fuzz testing. One must be familiar with logic testing, penetration testing, fuzz testing, simulation testing, regression testing and user acceptance testing, which are covered in detail. Upon the successful completion of functional and security tests, the defects that are found need to be tracked and addressed accordingly. The CSSLP candidate is not expected to know all the tools that are used for software testing, but one must be familiar with what tests need to be performed and how they can be performed, with or without tools.

  6. Software Acceptance

    Before software is released or deployed into production, it is imperative to ensure that the developed software meets the required compliance, quality, functional and assurance requirements. The software, whether built or bought, needs to be validated and verified against a set of defined acceptance criteria within the computing ecosystems where it will be deployed. Certification and accreditation exercises need to be undertaken to ensure that the residual risk is below the acceptable threshold. It is important for one to be familiar with the legal protection mechanisms that need to exist when procuring commercial off-the-shelf (COTS) software. The importance of software escrowing and the security benefits it offers are covered in detail, and the candidate must know the reasons for software escrowing.

  7. Software Deployment, Operations, Maintenance and Disposal

    Upon successful formal acceptance of the software by the customer/client, the installation of the software must be performed with security in mind. Failure to do so can potentially render futile all of the software security efforts that were previously undertaken to design and build the software. Once software is installed, it needs to be continuously monitored to guarantee that it will continue to function in a reliable, resilient and recoverable manner as expected. Continuous monitoring, patch management, incident management, problem management, and configuration management are covered. The development and enforcement of End-of-Life (EOL) policies that define the criteria for disposal of data and software must be understood, because improper data and media sanitization can lead to serious security ramifications.

This guide is a valuable resource for anyone preparing for the CSSLP certification examination and can serve as a software security reference book even for those who are already part of the certified elite. The Official (ISC)2® Guide to the CSSLP® is a must-have for anyone involved in software development!
