Visão Geral
Curso CSSLP Certified Secure Software Lifecycle Professional CSSLP- Aprenda as melhores práticas de segurança e padrões da indústria para o ciclo de vida do software – informações críticas para o CSSLP. Por meio deste Curso CSSLP Certified Secure Software Lifecycle Professional CSSLP, você obterá conhecimento e aprenderá como a segurança deve ser incorporada a cada fase do ciclo de vida do software. Ele também detalha medidas essenciais de segurança que devem ocorrer, começando com a fase de requisitos, passando pela especificação e design do software, testes de software e, finalmente, descarte.
Este Curso CSSLP Certified Secure Software Lifecycle Professional CSSLP intenso fornece uma análise aprofundada dos domínios do CSSLP, ao mesmo tempo em que identifica as principais áreas de estudo. A certificação CSSLP reconhece as principais habilidades de segurança de aplicativos. Ela mostra aos empregadores e colegas que você tem as habilidades técnicas avançadas e o conhecimento necessário para autenticação, autorização e auditoria durante todo o Software Development Lifecycle (SDLC), usando as melhores práticas, políticas e procedimentos estabelecidos pelos especialistas em segurança cibernética da (ISC)². O CSSLP é ideal para profissionais de desenvolvimento de software e segurança responsáveis por aplicar as melhores práticas a cada fase do SDLC – desde o design e implementação do software até testes e implantação.
Conteúdo Programatico
Secure Software Concepts – security implications and methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development.
- Core Concepts
- Security Design Principles
- Privacy
- Governance, Risk and Compliance
- Software Development Methodologies
Secure Software Requirements – capturing security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
- Policy Decomposition
- Data Classification & Categorization
- Functional Requirements
- Operational Requirements
Secure Software Design – translating security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
- Design Processes
- Design Considerations
- Securing Commonly Used Architecture
- Technologies
Secure Software Implementation/Coding – involves the application of coding and testing standards, applying security testing tools including ‘fuzzing’, static-analysis code scanning tools, and conducting code reviews.
- Declarative versus Imperative (Programmatic) Security
- Vulnerability Database / Lists
- Defensive Coding Practices and Controls
- Source Code and Versioning
- Development and Build Environment
- Code / Peer Review
- Code Analysis
- Anti-tampering Techniques
Secure Software Testing – integrated QA testing for security functionality and resiliency to attack.
- Testing Ar tifacts
- Testing for Security and Quality Assurance
- Types of Testing
- Impact Assessment and Corrective Action
- Test Data Lifecycle Management
Software Acceptance – security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.
- Pre-Release or Pre-Deployment
- Post-Release
Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software. Security measures that must be taken when a product reaches its end of life.
- Installation and Deployment
- Operations and Maintenance
- Software Disposal
Supply Chain & Software Acquisition – provides a holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related ser vices.
- Supplier Risk Assessment
- Supplier Sourcing
- Software Development Test
- Software Deliver y, Operations & Maintenance
- Supplier Transitioning