SkillSoft Explore Course

Building security controls into software implementation and coding is vital for end-product software security. In this course, you'll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) as security sources, and some defensive coding practices and controls such as configuration, error handling, and session management. This course also covers some essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Objectives

Declarative Versus Programmatic Security

  • recognize characteristics of declarative security
  • recognize characteristics of programmatic security

Vulnerability Databases and Lists

  • locate and list the Open Web Application Security Project or OWASP "Top 10"
  • locate and list the Common Weakness Enumeration or CWE list of software weaknesses

Defense Coding Practices and Controls

  • recognize examples of using concurrency as a defensive coding practice
  • recognize examples of using configuration as a defensive coding practice
  • recognize examples of using cryptology as a defensive coding practice
  • recognize examples of using output sanitization as a defensive coding practice
  • recognize examples of using error handling as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize examples of using exception management as a defensive coding practice
  • distinguish between safe and unsafe application programming interface or API coding practices
  • distinguish between examples of static and dynamic type safety enforcement
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize examples of tokenizing as a defensive coding practice
  • recognize characteristics of sandboxing as a defensive coding practice

Secure Coding Practices

  • identify source code and versioning best practices
  • identify build environment best practices
  • recognize characteristics of peer-based code reviews
  • distinguish between static and dynamic code analysis
  • list the steps for code signing

Practice: Secure Implementation and Coding

  • identify techniques for defensive and secure coding