CSSLP: Secure Software Implementation and Coding

This course is included in our On-demand training solution.

Overview

Building security controls into software implementation and coding is vital for the security of the end product. In this course, you'll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and the Common Weakness Enumeration (CWE) as security references, and defensive coding practices and controls such as configuration, error handling, and session management. The course also covers essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Target Audience

Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam

Prerequisites

None

Expected Duration

120 min.

Course Objectives

Course Introduction

Declarative Security

  • recognize characteristics of declarative security

Programmatic Security

  • recognize characteristics of programmatic security

OWASP Top 10

  • locate and list the Open Web Application Security Project (OWASP) "Top 10"

CWE

  • locate and list the Common Weakness Enumeration (CWE) list of software weaknesses

Concurrency

  • recognize examples of using concurrency as a defensive coding practice

Configuration

  • recognize examples of using configuration as a defensive coding practice

Cryptology

  • recognize examples of using cryptology as a defensive coding practice

Output Sanitization

  • recognize examples of using output sanitization as a defensive coding practice

Error Handling

  • recognize examples of using error handling as a defensive coding practice

Input Validation

  • recognize examples of using input validation as a defensive coding practice

Logging and Auditing

  • recognize examples of using logging and auditing as a defensive coding practice

Session Management

  • recognize examples of using session management as a defensive coding practice

Exception Management

  • recognize examples of using exception management as a defensive coding practice

Safe APIs

  • distinguish between safe and unsafe application programming interface (API) coding practices

Type Safety

  • distinguish between examples of static and dynamic type safety enforcement

Memory Management

  • recognize characteristics of memory management as a defensive coding practice

Configuration Parameter Management

  • recognize characteristics of configuration parameter management as a defensive coding practice

Tokenizing

  • recognize examples of tokenizing as a defensive coding practice

Sandboxing

  • recognize characteristics of sandboxing as a defensive coding practice

Source Code and Versioning

  • identify source code and versioning best practices

Build Environment

  • identify build environment best practices

Peer-based Code Review

  • recognize characteristics of peer-based code reviews

Code Analysis

  • distinguish between static and dynamic code analysis

Anti-tampering Techniques

  • list the steps for code signing

Exercise: Defensive and Secure Coding
