Muutke küpsiste eelistusi

E-raamat: CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition

3.50/5 (12 hinnangut Goodreads-ist)
,
  • Formaat: 416 pages
  • Ilmumisaeg: 04-Feb-2022
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781264258215
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 72,80 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third EditionSuurem pilt
  • Formaat: 416 pages
  • Ilmumisaeg: 04-Feb-2022
  • Kirjastus: McGraw-Hill Education
  • Keel: eng
  • ISBN-13: 9781264258215
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Providing 100% coverage of the latest CSSLP exam, this self-study guide offers everything you need to ace the exam

Get complete coverage of all the material included on the Certified Secure Software Lifecycle Professional exam. CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)2®. You’ll find learning objectives at the beginning of each chapter, exam tips, and practice questions with explanations. Designed to help you pass the exam with ease, this definitive resource also serves as an essential on-the-job reference.

Covers all eight exam domains:

  • Secure Software Concepts
  • Secure Software Requirements
  • Secure Software Architecture and Design
  • Secure Software Implementation
  • Secure Software Testing
  • Secure Software Lifecycle Management
  • Secure Software Deployment, Operations, Maintenance
  • Secure Software Supply Chain

Online content includes:

  • Test engine that provides full-length practice exams or customized quizzes by chapter or exam domain

Acknowledgments xxi
Introduction xxiii
Exam Objective Map xxv
Part I Secure Software Concepts
Chapter 1 Core Concepts
3(28)
Confidentiality
3(1)
Implementing Confidentiality
4(1)
Integrity
4(2)
Implementing Integrity
5(1)
Availability
6(1)
Authentication
7(11)
Multifactor Authentication
9(1)
Identity Management
9(2)
Identity Provider
11(1)
Identity Attributes
11(1)
Certificates
11(1)
Identity Tokens
11(1)
SSH Keys
12(1)
Smart Cards
12(1)
Implementing Authentication
12(3)
Credential Management
15(3)
Authorization
18(1)
Access Control Mechanisms
19(1)
Accountability (Auditing and Logging)
19(3)
Logging
21(1)
Syslog
22(1)
Nonrepudiation
22(1)
Secure Development Lifecycle
22(1)
Security vs. Quality
22(1)
Security Features != Secure Software
23(1)
Secure Development Lifecycle Components
23(3)
Software Team Awareness and Education
24(1)
Gates and Security Requirements
24(1)
Bug Tracking
24(1)
Threat Modeling
25(1)
Fuzzing
25(1)
Security Reviews
25(1)
Mitigations
25(1)
Chapter Review
26(5)
Quick Tips
27(1)
Questions
27(2)
Answers
29(2)
Chapter 2 Security Design Principles
31(24)
System Tenets
31(2)
Session Management
31(1)
Exception Management
32(1)
Configuration Management
32(1)
Secure Design Tenets
33(4)
Good Enough Security
33(1)
Least Privilege
33(1)
Separation of Duties
33(1)
Defense in Depth
34(1)
Fail-Safe
35(1)
Economy of Mechanism
35(1)
Complete Mediation
36(1)
Open Design
36(1)
Least Common Mechanism
36(1)
Psychological Acceptability
36(1)
Weakest Link
37(1)
Leverage Existing Components
37(1)
Single Point of Failure
37(1)
Security Models
37(8)
Access Control Models
38(3)
Multilevel Security Model
41(1)
Integrity Models
42(1)
Information Flow Models
43(2)
Adversaries
45(4)
Adversary Type
45(1)
Adversary Groups
46(2)
Threat Landscape Shift
48(1)
Chapter Review
49(6)
Quick Tips
50(1)
Questions
50(2)
Answers
52(3)
Part II Secure Software Requirements
Chapter 3 Define Software Security Requirements
55(10)
Functional Requirements
55(4)
Role and User Definitions
56(1)
Objects
56(1)
Activities/Actions
56(1)
Subject-Object-Activity Matrix
56(1)
Use Cases
56(2)
Sequencing and Timing
58(1)
Secure Coding Standards
59(1)
Operational and Deployment Requirements
59(1)
Connecting the Dots
60(1)
Chapter Review
61(4)
Quick Tips
61(1)
Questions
62(2)
Answers
64(1)
Chapter 4 Identify and Analyze Compliance Requirements
65(28)
Regulations and Compliance
65(12)
Security Standards
66(1)
ISO
66(4)
NIST
70(2)
FISMA
72(1)
Sarbanes-Oxley
73(1)
Gramm-Leach-Bliley
73(1)
HIPAA and HITECH
73(1)
Payment Card Industry Data Security Standard
73(1)
Other Regulations
74(1)
Legal Issues
74(1)
Intellectual Property
74(3)
Data Classification
77(4)
Data States
77(1)
Data Usage
78(1)
Data Risk Impact
78(1)
Data Lifecycle
79(1)
Generation
79(1)
Data Ownership t
79(1)
Data Owner
79(1)
Data Custodian
80(1)
Labeling
80(1)
Sensitivity
80(1)
Impact
81(1)
Privacy
81(8)
Privacy Policy
82(1)
Personally Identifiable Information
83(1)
Personal Health Information
83(1)
Breach Notifications
84(1)
General Data Protection Regulation
84(3)
California Consumer Privacy Act 2018 (AB 375)
87(1)
Privacy-Enhancing Technologies
87(1)
Data Minimization
88(1)
Data Masking
88(1)
Tokenization
88(1)
Anonymization
89(1)
Pseudo-anonymization
89(1)
Chapter Review
89(4)
Quick Tips
90(1)
Questions
90(2)
Answers
92(1)
Chapter 5 Misuse and Abuse Cases
93(12)
Misuse/Abuse Cases
93(2)
Requirements Traceability Matrix
95(1)
Software Acquisition
96(2)
Definitions and Terminology
96(1)
Build vs. Buy Decision
96(1)
Outsourcing
96(1)
Contractual Terms and Service Level Agreements
97(1)
Requirements Flow Down to Suppliers/Providers
97(1)
Chapter Review
98(7)
Quick Tips
98(1)
Questions
99(1)
Answers
100(5)
Part III Secure Software Architecture and Design
Chapter 6 Secure Software Architecture
105(28)
Perform Threat Modeling
105(8)
Threat Model Development
105(5)
Attack Surface Evaluation
110(1)
Attack Surface Measurement
110(1)
Attack Surface Minimization
111(1)
Threat Intelligence
112(1)
Threat Hunting
113(1)
Define the Security Architecture
113(16)
Security Control Identification and Prioritization
113(3)
Distributed Computing
116(1)
Service-Oriented Architecture
117(2)
Web Services
119(1)
Rich Internet Applications
120(1)
Pervasive/Ubiquitous Computing
121(2)
Embedded
123(1)
Cloud Architectures
124(3)
Mobile Applications
127(1)
Hardware Platform Concerns
127(1)
Cognitive Computing
128(1)
Control Systems
129(1)
Chapter Review
129(4)
Quick Tips
129(1)
Questions
130(2)
Answers
132(1)
Chapter 7 Secure Software Design
133(24)
Performing Secure Interface Design
133(2)
Logging
134(1)
Protocol Design Choices
135(1)
Performing Architectural Risk Assessment
135(1)
Model (Nonfunctional) Security Properties and Constraints
136(1)
Model and Classify Data
136(1)
Types of Data
136(1)
Structured
136(1)
Unstructured
137(1)
Evaluate and Select Reusable Secure Design
137(13)
Creating a Practical Reuse Plan
137(1)
Credential Management
138(3)
Flow Control
141(1)
Data Loss Prevention
142(1)
Virtualization
143(1)
Trusted Computing
143(2)
Database Security
145(2)
Programming Language Environment
147(2)
Operating System Controls and Services
149(1)
Secure Backup and Restoration Planning
149(1)
Secure Data Retention, Retrieval, and Destruction
150(1)
Perform Security Architecture and Design Review
150(1)
Define Secure Operational Architecture
151(1)
Use Secure Architecture and Design Principles, Patterns, and Tools
151(1)
Chapter Review
152(5)
Quick Tips
152(1)
Questions
152(2)
Answers
154(3)
Part IV Secure Software Implementation
Chapter 8 Secure Coding Practices
157(24)
Declarative vs. Imperative Security
157(2)
Bootstrapping
158(1)
Cryptographic Agility
158(1)
Handling Configuration Parameters
159(1)
Memory Management
159(1)
Type-Safe Practice
160(1)
Locality
160(1)
Error Handling
160(1)
Interface Coding
161(1)
Primary Mitigations
161(1)
Learning from Past Mistakes
162(1)
Secure Design Principles
162(5)
Good Enough Security
162(1)
Least Privilege
163(1)
Separation of Duties
163(1)
Defense in Depth
164(1)
Fail Safe
164(1)
Economy of Mechanism
165(1)
Complete Mediation
165(1)
Open Design
165(1)
Least Common Mechanism
165(1)
Psychological Acceptability
166(1)
Weakest Link
166(1)
Leverage Existing Components
166(1)
Single Point of Failure
167(1)
Interconnectivity
167(2)
Session Management
167(1)
Exception Management
168(1)
Configuration Management
168(1)
Cryptographic Failures
169(2)
Hard-Coded Credentials
169(1)
Missing Encryption of Sensitive Data
169(1)
Use of a Broken or Risky Cryptographic Algorithm
170(1)
Download of Code Without Integrity Check
171(1)
Use of a One-Way Hash Without a Salt
171(1)
Input Validation Failures
171(4)
Buffer Overflow
172(1)
Canonical Form
173(1)
Missing Defense Functions
174(1)
Output Validation Failures
174(1)
General Programming Failures
175(1)
Sequencing and Timing
175(1)
Technology Solutions
176(1)
Chapter Review
177(4)
Quick Tips
177(1)
Questions
178(2)
Answers
180(1)
Chapter 9 Analyze Code for Security Risks
181(18)
Code Analysis (Static and Dynamic)
181(4)
Static Application Security Testing
182(1)
Dynamic Application Security Testing
183(1)
Interactive Application Security Testing
184(1)
Runtime Application Self-Protection
184(1)
Code/Peer Review
185(1)
Code Review Objectives
186(1)
Additional Sources of Vulnerability Information
186(1)
CWE/SANS Top 25 Vulnerability Categories
187(1)
OWASP Vulnerability Categories
188(1)
Common Vulnerabilities and Countermeasures
189(5)
Injection Attacks
189(5)
Chapter Review
194(5)
Quick Tips
194(1)
Questions
195(1)
Answers
196(3)
Chapter 10 Implement Security Controls
199(18)
Security Risks
199(1)
Implement Security Controls
200(1)
Applying Security via the Build Environment
201(1)
Integrated Development Environment
201(1)
Anti-tampering Techniques
202(2)
Code Signing
202(1)
Configuration Management: Source Code and Versioning
203(1)
Code Obfuscation
204(1)
Defensive Coding Techniques
204(4)
Declarative vs. Programmatic Security
204(1)
Bootstrapping
205(1)
Cryptographic Agility
205(1)
Handling Configuration Parameters
206(1)
Interface Coding
206(1)
Memory Management
207(1)
Primary Mitigations
208(1)
Secure Integration of Components
208(2)
Secure Reuse of Third-Party Code or Libraries
209(1)
System-of-Systems Integration
209(1)
Chapter Review
210(7)
Quick Tips
210(1)
Questions
211(2)
Answers
213(4)
Part V Secure Software Testing
Chapter 11 Security Test Cases
217(12)
Security Test Cases
217(1)
Attack Surface Evaluation
218(1)
Penetration Testing
219(1)
Common Methods
220(5)
Fuzzing
220(1)
Scanning
221(1)
Simulations
221(1)
Failure Modes
222(1)
Cryptographic Validation
222(2)
Regression Testing
224(1)
Integration Testing
225(1)
Continuous Testing
225(1)
Chapter Review
225(4)
Quick Tips
226(1)
Questions
226(2)
Answers
228(1)
Chapter 12 Security Testing Strategy and Plan
229(12)
Develop a Security Testing Strategy and a Plan
229(2)
Functional Security Testing
231(1)
Unit Testing
231(1)
Nonfunctional Security Testing
231(1)
Testing Techniques
232(1)
White-Box Testing
232(1)
Black-Box Testing
232(1)
Gray-Box Testing
233(1)
Testing Environment
233(1)
Environment
233(1)
Standards
234(2)
ISO/IEC 25010:2011
234(1)
SSE-CMM
235(1)
OSSTMM
235(1)
Crowd Sourcing
236(1)
Chapter Review
236(5)
Quick Tips
236(1)
Questions
237(1)
Answers
238(3)
Chapter 13 Software Testing and Acceptance
241(18)
Perform Verification and Validation Testing
242(5)
Software Qualification Testing
245(1)
Qualification Testing Hierarchy
246(1)
Identify Undocumented Functionality
247(1)
Analyze Security Implications of Test Results
247(1)
Classify and Track Security Errors
248(3)
Bug Tracking
248(1)
Defects
249(1)
Errors
249(1)
Bug Bar
250(1)
Risk Scoring
250(1)
Secure Test Data
251(1)
Generate Test Data
252(1)
Reuse of Production Data
252(1)
Chapter Review
252(7)
Quick Tips
252(1)
Questions
253(2)
Answers
255(4)
Part VI Secure Software Lifecycle Management
Chapter 14 Secure Configuration and Version Control
259(14)
Secure Configuration and Version Control
259(1)
Define Strategy and Roadmap
260(1)
Manage Security Within a Software Development Methodology
261(2)
Security in Adaptive Methodologies
261(1)
Security in Predictive Methodologies
262(1)
Identify Security Standards and Frameworks
263(1)
Define and Develop Security Documentation
264(1)
Develop Security Metrics
264(1)
Decommission Software
265(2)
End-of-Life Policies
266(1)
Data Disposition
267(1)
Report Security Status
267(1)
Chapter Review
268(5)
Quick Tips
268(1)
Questions
269(2)
Answers
271(2)
Chapter 15 Software Risk Management
273(12)
Incorporate Integrated Risk Management
273(4)
Regulations and Compliance
273(1)
Legal
274(1)
Standards and Guidelines
274(1)
Risk Management
275(1)
Terminology
276(1)
Technical Risk vs. Business Risk
277(1)
Promote Security Culture in Software Development
277(1)
Security Champions
278(1)
Security Education and Guidance
278(1)
Implement Continuous Improvement
278(1)
Chapter Review
279(6)
Quick Tips
279(1)
Questions
280(2)
Answers
282(3)
Part VII Secure Software Deployment, Operations, Maintenance
Chapter 16 Secure Software Deployment
285(16)
Perform Operational Risk Analysis
285(4)
Deployment Environment
287(1)
Personnel Training
288(1)
Safety Criticality
288(1)
System Integration
289(1)
Release Software Securely
289(3)
Secure Continuous Integration and Continuous Delivery Pipeline
290(1)
Secure Software Tool Chain
291(1)
Build Artifact Verification
291(1)
Securely Store and Manage Security Data
292(1)
Credentials
292(1)
Secrets
293(1)
Keys/Certificates
293(1)
Configurations
293(1)
Ensure Secure Installation
293(3)
Bootstrapping
294(1)
Least Privilege
295(1)
Environment Hardening
295(1)
Secure Activation
295(1)
Security Policy Implementation
296(1)
Secrets Injection
296(1)
Perform Post-Deployment Security Testing
296(1)
Chapter Review
297(4)
Quick Tips
297(1)
Questions
298(2)
Answers
300(1)
Chapter 17 Secure Software Operations and Maintenance
301(16)
Obtain Security Approval to Operate
301(1)
Perform Information Security Continuous Monitoring
302(1)
Collect and Analyze Security Observable Data
302(1)
Threat Intel
302(1)
Intrusion Detection/Response
302(1)
Secure Configuration
303(1)
Regulation Changes
303(1)
Support Incident Response
303(3)
Root-Cause Analysis
304(1)
Incident Triage
305(1)
Forensics
305(1)
Perform Patch Management
306(1)
Perform Vulnerability Management
306(1)
Runtime Protection
307(1)
Support Continuity of Operations
307(2)
Backup, Archiving, Retention
308(1)
Disaster Recovery
308(1)
Resiliency
309(1)
Integrate Service Level Objectives and Service Level Agreements
309(1)
Chapter Review
310(7)
Quick Tips
311(1)
Questions
312(1)
Answers
313(4)
Part VIII Secure Software Supply Chain
Chapter 18 Software Supply Chain Risk Management
317(10)
Implement Software Supply Chain Risk Management
317(1)
Analyze Security of Third-Party Software
318(1)
Verify Pedigree and Provenance
319(3)
Secure Transfer
320(1)
System Sharing/Interconnections
320(1)
Code Repository Security
321(1)
Build Environment Security
321(1)
Cryptographically Hashed, Digitally Signed Components
321(1)
Right to Audit
322(1)
Chapter Review
322(5)
Quick Tips
322(1)
Questions
323(1)
Answers
324(3)
Chapter 19 Supplier Security Requirements
327(18)
Ensure Supplier Security Requirements in the Acquisition Process
327(8)
Supplier Sourcing
328(4)
Supplier Transitioning
332(1)
Audit of Security Policy Compliance
333(1)
Vulnerability/Incident Notification, Response, Coordination, and Reporting
334(1)
Maintenance and Support Structure
334(1)
Security Track Record
334(1)
Support Contractual Requirements
335(3)
Intellectual Property
335(3)
Legal Compliance
338(1)
Chapter Review
338(7)
Quick Tips
338(1)
Questions
339(2)
Answers
341(4)
Part IX Appendix and Glossary
Appendix About the Online Content
345(4)
System Requirements
345(1)
Your Total Seminars Training Hub Account
345(1)
Privacy Notice
345(1)
Single User License Terms and Conditions
345(2)
TotalTester Online
347(1)
Technical Support
347(2)
Glossary 349(20)
Index 369
Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklins interests are information security, systems theory, and secure software design.





Dan Shoemaker, Ph. D. (University of Detroit Mercy) is the Director of the Centre for the Software Assurance Institute, a National Security Agency (NSA) Center of Academic Excellence, at the University of Detroit Mercy. He is also a Professor at UDM where he has been the Chair of Computer and Information Systems since 1985. Dr. Shoemaker is Co-Chair of the Workforce Training and Education working group within the Department of Homeland Securitys National Cybersecurity Division (NCSD). Dr. Shoemaker was one of the earliest academic participants in the development of Software Engineering as a discipline, starting at SEI in the fall of 1987.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97812642582152e.html
Märksõnad: