IT Professional Certifications     (ISC)2     Certified Secure Software Lifecycle Professional (CSSLP)     Certified Secure Software Lifecycle Professional (CSSLP)

---

Building security controls within software implementation and coding is vital for end-product software security. In this course, you'll learn about declarative versus programmatic security, how to use Open Web Application Security Project or OWASP and Common Weakness Enumeration or CWE as great security sources, and some defense coding practices and controls such as configuration, error handling, and session management. This course also covers some essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

---

---

Objectives

Declarative Versus Programmatic Security start the course recognize characteristics of declarative security recognize characteristics of programmatic security Vulnerability Databases and Lists locate and list the Open Web Applications Security Project or OWASP "Top 10" locate and list the Common Weakness Enumeration or CWE list of software weaknesses Defense Coding Practices and Controls recognize examples of using concurrency as a defensive coding practice recognize examples of using configuration as a defensive coding practice recognize examples of using cryptology as a defensive coding practice recognize examples of using output sanitization as a defensive coding practice recognize examples of using error handling as a defensive coding practice recognize examples of using input validation as a defensive coding practice recognize examples of using logging and auditing as a defensive coding practice recognize examples of using session management as a defensive coding practice recognize examples of using exception management as a defensive coding practice distinguish between safe and unsafe application programming interface or API coding practices distinguish between examples of static and dynamic type safety enforcement recognize characteristics of memory management as a defensive coding practice recognize characteristics of configuration parameter management as a defensive coding practice recognize examples of tokenizing as a defensive coding practice recognize characteristics of sandboxing as a defensive coding practice Secure Coding Practices identify source code and versioning best practices identify build environment best practices recognize characteristics of peer-based code reviews distinguish between static and dynamic code analysis list the steps for code signing Practice: Secure Implementation and Coding identify techniques for defensive and secure coding