Muutke küpsiste eelistusi

CSSLP Certification All-in-One Exam Guide, Second Edition 2nd edition [Pehme köide]

4.25/5 (8 hinnangut Goodreads-ist)
,
  • Formaat: Paperback / softback, 464 pages, kõrgus x laius x paksus: 231x188x25 mm, kaal: 798 g, 175 Illustrations
  • Ilmumisaeg: 10-Mar-2019
  • Kirjastus: McGraw-Hill Education
  • ISBN-10: 1260441687
  • ISBN-13: 9781260441680
Teised raamatud teemal:
  • Pehme köide
  • Hind: 82,89 €*
  • * saadame teile pakkumise kasutatud raamatule, mille hind võib erineda kodulehel olevast hinnast
  • See raamat on trükist otsas, kuid me saadame teile pakkumise kasutatud raamatule.
  • Kogus:
  • Lisa ostukorvi
  • Tasuta tarne
  • Lisa soovinimekirja
CSSLP Certification All-in-One Exam Guide, Second Edition 2nd editionSuurem pilt
  • Formaat: Paperback / softback, 464 pages, kõrgus x laius x paksus: 231x188x25 mm, kaal: 798 g, 175 Illustrations
  • Ilmumisaeg: 10-Mar-2019
  • Kirjastus: McGraw-Hill Education
  • ISBN-10: 1260441687
  • ISBN-13: 9781260441680
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781260441680.html
Märksõnad:
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

This self-study guide delivers 100% coverage of all domainsin the the CSSLP exam

Get complete coverage of all the material included on the Certified Secure Software Lifecycle Professional exam. CSSLP Certification All-in-One Exam Guide, Second Edition covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)2®. You’ll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Designed to help you pass the exam with ease, this definitive resource also serves as an essential on-the-job reference.

Covers all eight exam domains:

Secure Software Concepts
Secure Software Requirements
Secure Software Design
Secure Software Implementation/Programming
Secure Software Testing
Software Lifecycle Management
Software Deployment, Operations, and Maintenance
Supply Chain and Software Acquisition

Online content includes:

Test engine that provides full-length practice exams or customized quizzes by chapter or exam domain

Acknowledgments xx
Introduction xxi
Exam Readiness Checklist xxiii
Part I: Secure Software Concepts
Chapter 1 General Security Concepts
3(28)
General Security Concepts
3(11)
Security Basics
3(4)
System Tenets
7(2)
Secure Design Tenets
9(5)
Security Models
14(7)
Access Control Models
14(3)
Multilevel Security Model
17(1)
Integrity Models
18(1)
Information Flow Models
19(2)
Adversaries
21(4)
Adversary Type
21(1)
Adversary Groups
22(2)
Threat Landscape Shift
24(1)
Chapter Review
25(6)
Quick Tips
26(1)
Questions
26(3)
Answers
29(2)
Chapter 2 Risk Management
31(20)
Definitions and Terminology
32(2)
General Terms
32(1)
Quantitative Terms
33(1)
Risk Management Statements
33(1)
Types of Risk
34(8)
Business Risk
34(1)
Technology Risk
35(1)
Risk Controls
36(1)
Qualitative Risk Management
37(1)
Qualitative Matrix
37(2)
Quantitative Risk Management
39(3)
Comparison of Qualitative and Quantitative Methods
42(1)
Governance, Risk, and Compliance
42(2)
Regulations and Compliance
43(1)
Legal
43(1)
Standards
43(1)
Risk Management Models
44(2)
General Risk Management Model
44(1)
Software Engineering Institute Model
45(1)
Model Application
45(1)
Risk Options
46(1)
Chapter Review
47(4)
Quick Tips
47(1)
Questions
47(3)
Answers
50(1)
Chapter 3 Security Policies and Regulations
51(32)
Regulations and Compliance
51(4)
FISMA
52(1)
Sarbanes-Oxley
53(1)
Gramm-Leach-Bliley
53(1)
HIPAA and HITECH
54(1)
Payment Card Industry Data Security Standard (PCI DSS)
54(1)
Other Regulations
55(1)
Legal Issues
55(2)
Intellectual Property
55(2)
Privacy
57(6)
Privacy Policy
58(1)
Personally Identifiable Information
59(1)
Personal Health Information
59(1)
Breach Notifications
60(1)
Data Protection Principles
60(3)
California Consumer Privacy Act 2018 (AB 375)
63(1)
Security Standards
63(5)
ISO
63(4)
NIST
67(1)
Secure Software Architecture
68(4)
Security Frameworks
69(3)
Trusted Computing
72(3)
Principles
73(1)
Trusted Computing Base
74(1)
Trusted Platform Module
75(1)
Microsoft Trustworthy Computing Initiative
75(1)
Acquisition
75(2)
Definitions and Terminology
76(1)
Build vs. Buy Decision
76(1)
Outsourcing
76(1)
Contractual Terms and Service Level Agreements
76(1)
Chapter Review
77(6)
Quick Tips
77(1)
Questions
78(2)
Answers
80(3)
Chapter 4 Software Development Methodologies
83(26)
Secure Development Lifecycle
83(3)
Principles
83(2)
Security vs. Quality
85(1)
Security Features != Secure Software
85(1)
Secure Development Lifecycle Components
86(5)
Software Team Awareness and Education
86(1)
Gates and Security Requirements
86(1)
Bug Tracking
87(1)
Threat Modeling
88(1)
Fuzzing
89(1)
Security Reviews
90(1)
Mitigations
90(1)
Software Development Models
91(4)
Waterfall
91(1)
Spiral
92(1)
Prototype
93(1)
Agile Methods
94(1)
Open Source
95(1)
Microsoft Security Development Lifecycle
95(6)
History
96(1)
SDL Foundation
96(3)
SDL Components
99(2)
Chapter Review
101(8)
Quick Tips
101(1)
Questions
102(2)
Answers
104(5)
Part II: Secure Software Requirements
Chapter 5 Policy Decomposition
109(12)
Confidentiality, Integrity, and Availability Requirements
109(2)
Confidentiality
110(1)
Integrity
110(1)
Availability
111(1)
Authentication, Authorization, and Auditing Requirements
111(4)
Identification and Authentication
111(1)
Authorization
112(1)
Access Control Mechanisms
113(2)
Auditing
115(1)
Internal and External Requirements
115(1)
Internal
115(1)
External
116(1)
Chapter Review
116(5)
Quick Tips
116(1)
Questions
117(2)
Answers
119(2)
Chapter 6 Data Classification and Categorization
121(12)
Data Classification
121(2)
Data States
122(1)
Data Usage
122(1)
Data Risk Impact
123(1)
Data Ownership
123(1)
Data Owner
123(1)
Data Custodian
124(1)
Labeling
124(2)
Sensitivity
124(1)
Impact
125(1)
Types of Data
126(1)
Structured
126(1)
Unstructured
126(1)
Data Lifecycle
127(1)
Generation
127(1)
Retention
127(1)
Disposal
127(1)
Chapter Review
128(5)
Quick Tips
128(1)
Questions
128(3)
Answers
131(2)
Chapter 7 Requirements
133(16)
Functional Requirements
133(6)
Role and User Definitions
133(1)
Objects
134(1)
Activities/Actions
134(1)
Subject-Object-Activity Matrix
134(1)
Use Cases
134(1)
Abuse Cases (Inside and Outside Adversaries)
135(2)
Sequencing and Timing
137(1)
Secure Coding Standards
138(1)
Operational Requirements
139(1)
Deployment Environment
139(1)
Requirements Traceability Matrix
139(1)
Connecting the Dots
140(1)
Chapter Review
141(8)
Quick Tips
141(1)
Questions
142(2)
Answers
144(5)
Part III: Secure Software Design
Chapter 8 Design Processes
149(14)
Attack Surface Evaluation
149(3)
Attack Surface Measurement
150(1)
Attack Surface Minimization
151(1)
Threat Modeling
152(4)
Threat Model Development
152(4)
Control Identification and Prioritization
156(1)
Risk Assessment for Code Reuse
157(1)
Documentation
157(1)
Design and Architecture Technical Review
158(1)
Chapter Review
158(5)
Quick Tips
158(1)
Questions
159(3)
Answers
162(1)
Chapter 9 Design Considerations
163(14)
Application of Methods to Address Core Security Concepts
163(8)
Confidentiality, Integrity, and Availability
163(2)
Authentication, Authorization, and Auditing
165(1)
Secure Design Principles
166(4)
Interconnectivity
170(1)
Interfaces
171(1)
Chapter Review
172(5)
Quick Tips
172(1)
Questions
173(2)
Answers
175(2)
Chapter 10 Securing Commonly Used Architecture
177(18)
Distributed Computing
177(2)
Client Server
177(1)
Peer-to-Peer
178(1)
Message Queuing
179(1)
Service-Oriented Architecture
179(3)
Enterprise Service Bus
179(1)
Web Services
180(2)
Rich Internet Applications
182(1)
Client-Side Exploits or Threats
182(1)
Remote Code Execution
182(1)
Pervasive/Ubiquitous Computing
182(3)
Wireless
183(1)
Location-Based
184(1)
Constant Connectivity
184(1)
Radio Frequency Identification
184(1)
Near-Field Communication
185(1)
Sensor Networks
185(1)
Mobile Applications
185(1)
Integration with Existing Architectures
186(1)
Cloud Architectures
186(2)
Software as a Service
187(1)
Platform as a Service
187(1)
Infrastructure as a Service
188(1)
Chapter Review
188(7)
Quick Tips
189(1)
Questions
189(3)
Answers
192(3)
Chapter 11 Technologies
195(26)
Authentication and Identity Management
195(3)
Identity Management
195(1)
Authentication
196(2)
Credential Management
198(3)
X.509 Credentials
199(1)
Single Sign-On
200(1)
Flow Control (Proxies, Firewalls, Middleware)
201(2)
Firewalls
201(1)
Proxies
202(1)
Application Firewalls
202(1)
Queuing Technology
202(1)
Logging
203(1)
Syslog
204(1)
Data Loss Prevention
204(1)
Virtualization
204(1)
Digital Rights Management
205(1)
Trusted Computing
206(2)
TCB
206(1)
TPM
206(1)
Malware
207(1)
Code Signing
208(1)
Database Security
208(2)
Encryption
209(1)
Triggers
209(1)
Views
210(1)
Privilege Management
210(1)
Programming Language Environment
210(2)
CLR
211(1)
JVM
211(1)
Compiler Switches
211(1)
Sandboxing
211(1)
Managed vs. Unmanaged Code
212(1)
Operating Systems
212(1)
Embedded Systems
212(1)
Control Systems
212(1)
Firmware
213(1)
Chapter Review
213(8)
Quick Tips
214(1)
Questions
215(2)
Answers
217(4)
Part IV: Secure Software Implementation/Programming
Chapter 12 Common Software Vulnerabilities and Countermeasures
221(24)
CWE/SANS Top 25 Vulnerability Categories
221(2)
OWASP Vulnerability Categories
223(1)
Common Vulnerabilities and Countermeasures
223(7)
Injection Attacks
223(5)
Cryptographic Failures
228(2)
Input Validation Failures
230(4)
Buffer Overflow
231(1)
Canonical Form
231(2)
Missing Defense Functions
233(1)
General Programming Failures
233(1)
Common Enumerations
234(1)
Common Weakness Enumerations (CWE)
234(1)
Common Vulnerabilities and Exposures (CVE)
235(1)
Virtualization
235(1)
Embedded Systems
236(1)
Side Channel
236(1)
Social Engineering Attacks
236(2)
Phishing
237(1)
Chapter Review
238(7)
Quick Tips
239(1)
Questions
239(3)
Answers
242(3)
Chapter 13 Defensive Coding Practices
245(12)
Declarative vs. Programmatic Security
245(2)
Bootstrapping
246(1)
Cryptographic Agility
246(1)
Handling Configuration Parameters
247(1)
Memory Management
247(1)
Type-Safe Practice
248(1)
Locality
248(1)
Error Handling
248(1)
Exception Management
248(1)
Interface Coding
249(1)
Primary Mitigations
249(1)
Learning from Past Mistakes
250(1)
Chapter Review
251(6)
Quick Tips
251(1)
Questions
252(2)
Answers
254(3)
Chapter 14 Secure Software Coding Operations
257(12)
Code Analysis (Static and Dynamic)
257(1)
Static
258(1)
Dynamic
258(1)
Code/Peer Review
258(1)
Build Environment
259(2)
Integrated Development Environment (IDE)
260(1)
Antitampering Techniques
261(1)
Configuration Management: Source Code and Versioning
262(1)
Chapter Review
262(7)
Quick Tips
263(1)
Questions
263(3)
Answers
266(3)
Part V: Secure Software Testing
Chapter 15 Security Quality Assurance Testing
269(14)
Standards for Software Quality Assurance
269(2)
ISO 9216
269(1)
SSE-CMM
270(1)
OSSTMM
270(1)
Testing Methodology
271(1)
Functional Testing
271(2)
Unit Testing
272(1)
Integration or Systems Testing
272(1)
Performance Testing
272(1)
Regression Testing
273(1)
Security Testing
273(1)
White-Box Testing
273(1)
Black-Box Testing
273(1)
Grey-Box Testing
274(1)
Environment
274(1)
Bug Tracking
274(3)
Defects
275(1)
Errors
276(1)
Vulnerabilities
276(1)
Bug Bar
276(1)
Attack Surface Validation
277(1)
Testing Artifacts
277(1)
Test Data Lifecycle Management
277(1)
Chapter Review
278(5)
Quick Tips
278(1)
Questions
279(2)
Answers
281(2)
Chapter 16 Security Testing
283(14)
Scanning
283(1)
Attack Surface Analyzer
284(1)
Penetration Testing
284(1)
Fuzzing
285(1)
Simulation Testing
286(1)
Testing for Failure
286(1)
Cryptographic Validation
287(1)
FIPS 140-2
288(1)
Regression Testing
288(1)
Impact Assessment and Corrective Action
289(1)
Chapter Review
289(8)
Quick Tips
290(1)
Questions
290(3)
Answers
293(4)
Part VI: Secure Lifecycle Management
Chapter 17 Secure Lifecycle Management
297(24)
Introduction to Acceptance
297(3)
Software Qualification Testing
297(1)
Qualification Testing Plan
298(1)
Qualification Testing Hierarchy
299(1)
Pre-release Activities
300(8)
Implementing the Pre-release Testing Process
301(3)
Completion Criteria
304(2)
Risk Acceptance
306(2)
Post-release Activities
308(5)
Validation and Verification
309(2)
Independent Testing
311(2)
Chapter Review
313(8)
Quick Tips
313(1)
Questions
314(2)
Answers
316(5)
Part VII: Software Deployment, Operations, and Maintenance
Chapter 18 Secure Software Installation and Deployment
321(18)
Secure Software Installation and Its Subsequent Deployment
322(4)
Installation Validation and Verification
322(1)
Planning for Operational Use
323(3)
Configuration Management
326(8)
Organizing the Configuration Management Process
327(1)
Configuration Management Roles
328(1)
The Configuration Management Plan
329(1)
The Configuration Management Process
329(5)
Chapter Review
334(5)
Quick Tips
335(1)
Questions
336(2)
Answers
338(1)
Chapter 19 Secure Software Operations and Maintenance
339(26)
Secure Software Operations
340(4)
Operations Process Implementation
341(3)
The Software Maintenance Process
344(10)
Monitoring
345(2)
Incident Management
347(4)
Problem Management
351(2)
Change Management
353(1)
Backup, Recovery, and Archiving
354(1)
Secure DevOps
354(1)
Secure Software Disposal
355(2)
Software Disposal Planning
357(1)
Software Disposal Execution
357(1)
Chapter Review
357(8)
Quick Tips
358(1)
Questions
359(2)
Answers
361(4)
Part VIII: Supply Chain and Software Acquisition
Chapter 20 Supply Chain and Software Acquisition
365(30)
Supplier Risk Assessment
366(7)
What Is Supplier Risk Assessment?
366(1)
Risk Assessment for Code Reuse
367(1)
Intellectual Property
368(3)
Legal Compliance
371(1)
Supplier Prequalification
371(2)
Supplier Sourcing
373(5)
Contractual Integrity Controls
375(1)
Vendor Technical Integrity Controls for Third-Party Suppliers
376(1)
Managed Services
377(1)
Service Level Agreements
377(1)
Software Development and Testing
378(4)
Code Testing
379(1)
Security Testing Controls
380(1)
Software Requirements Testing and Validation
381(1)
Software Requirements Testing and Validation for Subcontractors
381(1)
Software Delivery, Operations, and Maintenance
382(6)
Chain of Custody
383(1)
Publishing and Dissemination Controls
384(1)
System-of-Systems Integration
385(1)
Software Authenticity and Integrity
385(1)
Product Deployment and Sustainment Controls
386(1)
Monitoring and Incident Management
387(1)
Vulnerability Management, Tracking, and Resolution
388(1)
Supplier Transitioning
388(1)
Chapter Review
389(6)
Quick Tips
390(1)
Questions
390(3)
Answers
393(2)
Appendix: About the Online Content 395(4)
System Requirements
395(1)
Your Total Seminars Training Hub Account
395(1)
Privacy Notice
395(1)
Single User License Terms and Conditions
395(2)
TotalTester Online
397(1)
Technical Support
397(2)
Glossary 399(20)
Index 419
Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklins interests are information security, systems theory, and secure software design.





Dan Shoemaker, Ph. D. (University of Detroit Mercy) is the Director of the Centre for the Software Assurance Institute, a National Security Agency (NSA) Center of Academic Excellence, at the University of Detroit Mercy. He is also a Professor at UDM where he has been the Chair of Computer and Information Systems since 1985. Dr. Shoemaker is Co-Chair of the Workforce Training and Education working group within the Department of Homeland Securitys National Cybersecurity Division (NCSD). Dr. Shoemaker was one of the earliest academic participants in the development of Software Engineering as a discipline, starting at SEI in the fall of 1987.