Official (ISC)² Guide to the CSSLP CBK, Second Edition

Product Details

Table of Contents

Domain 1 - Secure Software Concepts
Holistic Security
Implementation Challenges
Iron Triangle Constraints
Security as an Afterthought
Security vs. Usability
Quality and Security
Security Profile - What Makes Software Secure?
Core Security Concepts
Design Security Concepts
Risk Management
Terminology and Definitions
Risk Management for Software
Handling Risk
Risk Management Concept: Summary
Security Policies: The 'What' and 'Why' for Security
Scope of the Security Policies
Prerequisites for Security Policy Development
Security Policy Development Process
Security Standards
Types of Security Standards
Internal Coding Standards
NIST Standards
Federal Information Processing (FIPS) Standards
ISO Standards
PCI Standards
Organization for the Advancement of Structured Information Standards (OASIS)
Benefits of Security Standards
Best Practices
Open Web Application Security Project (OWASP)
Information Technology Infrastructure Library (ITIL)
Software Development Methodologies
Waterfall Model
Iterative Model
Spiral Model
Agile Development Methodologies
Software Assurance Methodologies
Socratic Methodology
Six Sigma (6σ)
Capability Maturity Model Integration (CMMI)
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE®)
STRIDE and DREAD
Open Source Security Testing Methodology Manual (OSSTMM)
Flaw Hypothesis Method (FHM)
Enterprise Application and Security Frameworks
Zachman Framework
Control Objectives for Information and related Technology (COBIT®)
Committee of Sponsoring Organizations (COSO)
Sherwood Applied Business Security Architecture (SABSA)
Regulations, Privacy and Compliance
Significant Regulations and Privacy Acts
Sarbanes-Oxley Act (SOX)
BASEL II
Gramm-Leach-Bliley Act (GLB Act)
Health Insurance Portability and Accountability Act (HIPAA)
Data Protection Act
Computer Misuse Act
Mobile Device Privacy Act
State Security Breach Laws
Privacy and Software Development
Data Anonymization
Disposition
Security Models
Trusted Computing
Ring Protection
Trust Boundary (or Security Perimeter)
Trusted Computing Base (TCB)
Reference Monitor
Acquisitions

Domain 2 - Secure Software Requirements
Sources for Security Requirements
Types of Security Requirements
Core Security Requirements
General Requirements
Operational Requirements
Other Requirements
Protection Needs Elicitation (PNE)
Brainstorming
Surveys (Questionnaires and Interviews)
Policy Decomposition
Data Classification
Subject/Object Matrix
Use Case & Misuse Case Modeling
Requirements Traceability Matrix (RTM)

Domain 3 - Secure Software Design
The Need for Secure Design
Flaws versus Bugs
Architecting Software with Core Security Concepts
Confidentiality Design
Integrity Design
Availability Design
Authentication Design
Authorization Design
Accountability Design
Architecting Software with Secure Design Principles
Least Privilege
Separation of Duties
Defense in Depth
Fail Secure
Economy of Mechanisms
Complete Mediation
Open Design
Least Common Mechanisms
Psychological Acceptability
Weakest Link
Leveraging Existing Components
Balancing Secure Design Principles
Other Design Considerations
Interface Design
Interconnectivity
Design Processes
Attack Surface Evaluation
Threat Modeling
Architectures
Mainframe Architecture
Distributed Computing
Service Oriented Architecture
Rich Internet Applications
Pervasive/Ubiquitous Computing
Cloud Computing
Mobile Applications
Integration with Existing Architectures
Technologies
Authentication
Identity Management
Credential Management
Flow Control
Auditing (Logging)
Trusted Computing
Database Security
Programming Language Environment
Operating Systems
Embedded Systems
Secure Design and Architecture Review

Domain 4 - Secure Software Implementation/Coding
Who is to be Blamed for Insecure Software?
Fundamental Concepts of Programming
Computer Architecture
Evolution of Programming Languages
Common Software Vulnerabilities and Controls
Buffer Overflow
Stack Overflow
Heap Overflow
Injection Flaws
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Non-persistent or Reflected XSS
Persistent or Stored XSS
DOM based XSS
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Checks
Cross-Site Request Forgery (CSRF)
Using Known Vulnerable Components
Unvalidated Redirects and Forwards
File Attacks
Race Condition
Side Channel Attacks
Defensive Coding Practices - Concepts and Techniques
Input Validation
Canonicalization
Sanitization
Error Handling
Safe APIs
Memory Management
Exception Management
Session Management
Configuration Parameters Management
Secure Startup
Cryptography
Concurrency
Tokenization
Sandboxing
Anti-Tampering
Secure Software Processes
Version (Configuration Management)
Code Analysis
Code/Peer Review
Securing Build Environments

Domain 5 - Secure Software Testing
Quality Assurance
Testing Artifacts
Test Strategy
Test Plan
Test Case
Test Script
Test Suite
Test Harness
Types of Software QA Testing
Functional Testing
Non-Functional Testing
Other Testing
Attack Surface Validation (Security Testing)
Motives, Opportunities and Means
Testing of Security Functionality versus Security Testing
The Need for Security Testing
Security Testing Methods
White Box Testing
Black Box Testing
White Box Testing versus Black Box Testing
Types of Security Testing
Cryptographic Validation Testing
Scanning
Fuzzing
Software Security Testing
Testing for Input Validation
Testing for Injection Flaws Controls
Testing for Scripting Attacks Controls
Testing for Non-repudiation Controls
Testing for Spoofing Controls
Testing for Error and Exception Handling Controls (Failure Testing)
Testing for Privileges Escalations Controls
Anti-Reversing Protection Testing
Tools for Security Testing
Test Data Management
Defect Reporting and Tracking
Reporting Defects
Tracking Defects
Impact Assessment and Corrective Action

Domain 6 - Software Acceptance
Guidelines for Software Acceptance
Benefits of Accepting Software Formally
Software Acceptance Considerations
Completion Criteria
Change Management
Approval to Deploy or Release
Risk Acceptance and Exception Policy
Documentation of Software
Verification and Validation (V&V)
Reviews
Testing
Certification and Accreditation (C&A)

Domain 7 - Software Deployment, Operations, Maintenance, and Disposal
Installation and Deployment
Hardening
Environment Configuration
Release Management
Bootstrapping and Secure Startup
Operations and Maintenance
Monitoring
Incident Management
Problem Management
Change Management
Backups, Recovery and Archiving
Disposal
End-of-Life Policies
Sun-Setting Criteria
Sun-setting Processes
Information Disposal and Media Sanitization

Domain 8 - Supply Chain and Software Acquisition
Software Acquisition and the Supply Chain
Acquisition Lifecycle
Software Acquisition Models and Benefits
Supply Chain Software Goals
Threats to Supply Chain Software
Software Supply Chain Risk Management (SCRM)
Supplier Risk Assessment and Management
Supplier Sourcing
Contractual Controls
Intellectual Property (IP) Ownership and Responsibilities
Types of Intellectual Property (IP)
Licensing (Usage and Redistribution Terms)
Software Development and Testing
Assurance Requirement Conformance Validation
Code Review
Code Repository Security
Build Tools and Environment Integrity
Testing for Code Security
Software SCRM during Acceptance
Anti-Tampering Resistance and Controls
Authenticity and Anti-Counterfeiting Controls
Supplier Claims Verification
Software SCRM during Delivery (Handover)
Chain of Custody
Secure Transfer
Code Escrows
Export Control and Foreign Trade Data Regulations Compliance
Software SCRM during Deployment (Installation/Configuration)
Secure Configuration
Perimeter (Network) Security Controls
System-of-Systems (SoS) Security
Software SCRM during Operations and Maintenance
Runtime Integrity Assurance
Patching and Upgrades
Termination Access Controls
Custom Code Extensions Checks
Continuous Monitoring and Incident Management
Software SCRM during Retirement

Appendices
Answers to Review Questions
Security Models
Threat Modeling
Commonly Used Opcodes in Assembly
HTTP/1.1 Status Codes and Reason Phrases (IETF RFC 2616)
Security Testing Tools
