CSSLP: Secure Software Implementation and Coding

Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam

Prerequisite
None

Expected Duration
128 minutes

Description
Building security controls into software implementation and coding is vital for the security of the end product. In this course, you’ll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) as security sources, and some defensive coding practices and controls such as configuration, error handling, and session management. This course also covers some essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Objective

Declarative Versus Programmatic Security

  • start the course
  • recognize characteristics of declarative security
  • recognize characteristics of programmatic security

Vulnerability Databases and Lists

  • locate and list the Open Web Application Security Project or OWASP “Top 10”
  • locate and list the Common Weakness Enumeration or CWE list of software weaknesses

Defense Coding Practices and Controls

  • recognize examples of using concurrency as a defensive coding practice
  • recognize examples of using configuration as a defensive coding practice
  • recognize examples of using cryptology as a defensive coding practice
  • recognize examples of using output sanitization as a defensive coding practice
  • recognize examples of using error handling as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize examples of using exception management as a defensive coding practice
  • distinguish between safe and unsafe application programming interface or API coding practices
  • distinguish between examples of static and dynamic type safety enforcement
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize examples of tokenizing as a defensive coding practice
  • recognize characteristics of sandboxing as a defensive coding practice

Secure Coding Practices

  • identify source code and versioning best practices
  • identify build environment best practices
  • recognize characteristics of peer-based code reviews
  • distinguish between static and dynamic code analysis
  • list the steps for code signing

Practice: Secure Implementation and Coding

  • identify techniques for defensive and secure coding
