From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep
Secure software concepts
From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep
Secure software concepts
- [Narrator] The first domain of the CSSLP body of knowledge is secure software concepts. This domain focuses on certain fundamental security principles, and it lays the foundation for how you can begin to apply those principles to the SDLC. This domain accounts for 12% of the CSSLP exam. Core concepts is the first focus area for this domain. You'll learn about security fundamentals, like confidentiality, integrity, and availability, principles that are foundational to every CSSLP domain. And since the CSSLP focuses on software security, you'll also learn about the concepts of authentication and authorization, as well as accountability and non-repudiation. The second focus area for this domain is security design principles. You'll learn about access controls, like the principle of least privilege and separation of duties, and you'll learn about balancing resiliency controls with the idea of economy of mechanism. You'll also learn how to layer your application security controls by incorporating ideas such as defense in depth and diversity of defense. You'll continue exploring that security balancing act as you learn about component reuse and least common mechanism, and how these ideas fit into a larger defense in depth strategy. This domain also covers two concepts that, at first, may seem counterintuitive to software security, namely open design and psychological acceptability.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
(Locked)
Secure architecture and design patterns3m 43s
-
(Locked)
Identifying and prioritizing controls6m 15s
-
(Locked)
Traditional application architectures7m 23s
-
(Locked)
Pervasive and ubiquitous computing6m 43s
-
(Locked)
Rich internet and mobile applications7m 9s
-
(Locked)
Cloud architectures7m 8s
-
(Locked)
Embedded system considerations8m 45s
-
(Locked)
Architectural risk assessments6m 59s
-
(Locked)
Component-based systems5m 2s
-
(Locked)
Security enhancing tools4m 8s
-
(Locked)
Cognitive computing4m 37s
-
(Locked)
Control systems8m 34s
-
(Locked)
-
-
(Locked)
Components of a secure environment8m 25s
-
(Locked)
Designing network and server controls4m 22s
-
(Locked)
Designing data controls6m 25s
-
(Locked)
Secure design principles and patterns5m 6s
-
(Locked)
Secure interface design6m 49s
-
(Locked)
Security architecture and design review3m 6s
-
(Locked)
Secure operational architecture3m 37s
-
(Locked)