Official (ISC)2 Guide to the CSSLP CBK, Second Edition ((ISC)2 Press) 2nd Edition


Книга Official (ISC)2 Guide to the CSSLP CBK, Second Edition ((ISC)2 Press) 2nd Edition


Название:Official (ISC)2 Guide to the CSSLP CBK, Second Edition ((ISC)2 Press) 2nd Edition
Автор:Mano Paul
Серия:(ISC)2 Press
Издательство: Auerbach Publications
Год: 2014
Страниц:800
Язык: English
Формат: pdf
Размер: 16,9 Mb
The text allows readers to learn about software security from a renowned security practitioner who is the appointed software assurance advisor for (ISC)2. Complete with numerous illustrations, it makes complex security concepts easy to understand and implement. In addition to being a valuable resource for those studying for the CSSLP examination, this book is also an indispensable software security reference for those already part of the certified elite.
A robust and comprehensive appendix makes this book a time-saving resource for anyone involved in secure software development.
Features
Updates the most authoritative review of the key concepts and requirements of the CSSLP® exam
Details the software security activities that need to be incorporated throughout the software development lifecycle
Provides comprehensive coverage that includes the people, processes, and technology components of software, networks, and host defenses
Supplies a pragmatic approach to implementing software assurances in the real-world
Summary
The text allows readers to learn about software security from a renowned security practitioner who is the appointed software assurance advisor for (ISC)2. Complete with numerous illustrations, it makes complex security concepts easy to understand and implement. In addition to being a valuable resource for those studying for the CSSLP examination, this book is also an indispensable software security reference for those already part of the certified elite. A robust and comprehensive appendix makes this book a time-saving resource for anyone involved in secure software development.
Share this Title
Related Titles
1 of 2
Cloud Computing: Implementation, Management, and Security
 Table of ContentsDomain 1 - Secure Software Concepts
Holistic Security
Implementation Challenges
Iron Triangle Constraints
Security as an Afterthought
Security vs. Usability
Quality and Security
Security Profile – What Makes Software Secure?
Core Security Concepts
Design Security Concepts
Risk Management
Terminology and Definitions
Risk Management for Software
Handling Risk
Risk Management Concept: Summary
Security Policies: The ‘What’ and ‘Why’ for Security
Scope of the Security Policies
Prerequisites for Security Policy Development
Security Policy Development Process
Security Standards
Types of Security Standards
Internal Coding Standards
NIST Standards
Federal Information Processing (FIPS) standards
ISO Standards
PCI Standards
Organization for the Advancement of Structured Information Standards (OASIS)
Benefits of Security Standards
Best Practices
Open Web Application Security Project (OWASP)
Information Technology Infrastructure Library (ITIL)
Software Development Methodologies
Waterfall Model
Iterative Model
Spiral Model
Agile Development Methodologies
Software Assurance Methodologies
Socratic Methodology
Six Sigma (6 σ) Capability Maturity Model Integration (CMMI)
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE®)
STRIDE and DREAD
Open Source Security Testing Methodology Manual (OSSTMM)
Flaw Hypothesis Method (FHM)
Enterprise Application and Security Frameworks
Zachman Framework
Control Objectives for Information and related Technology (COBIT®)
Committee of Sponsoring Organizations (COSO)
Sherwood Applied Business Security Architecture (SABSA)
Regulations, Privacy and Compliance
Significant Regulations and Privacy Acts
Sarbanes-Oxley Act (SOX)
BASEL II
Gramm-Leach-Bliley Act (GLB Act)
Health Insurance Portability and Accountability Act (HIPAA)
Data Protection Act
Computer Misuse Act
Mobile Device Privacy Act
State Security Breach Laws
Privacy and Software Development
Data Anonymization
Disposition
Security Models
Trusted Computing
Ring Protection
Trust Boundary (or Security Perimeter)
Trusted Computing Base (TCB)
Reference Monitor
Acquisitions
Domain 2 - Secure Software Requirements
Sources for Security Requirements
Types of Security Requirements
Core Security Requirements
General Requirements
Operational Requirements
Other Requirements
Protection Needs Elicitation (PNE)
Brainstorming
Surveys (Questionnaires and Interviews)
Policy Decomposition
Data Classification
Subject/Object Matrix
Use Case & Misuse Case Modeling
Requirements Traceability Matrix (RTM)
Domain 3 - Secure Software Design
The Need for Secure Design
Flaws versus Bugs
Architecting Software with Core Security Concepts
Confidentiality Design
Integrity Design
Availability Design
Authentication Design
Authorization Design
Accountability Design
Architecting Software with Secure Design Principles
Least Privilege
Separation of Duties
Defense in Depth
Fail Secure
Economy of Mechanisms
Complete Mediation
Open Design
Least Common Mechanisms
Psychological Acceptability
Weakest Link
Leveraging Existing Components
Balancing Secure Design Principles
Other Design Considerations
Interface Design
Interconnectivity
Design Processes
Attack Surface Evaluation
Threat Modeling
Architectures
Mainframe Architecture
Distributed Computing
Service Oriented Architecture
Rich Internet Applications
Pervasive/Ubiquitous Computing
Cloud Computing
Mobile Applications
Integration with Existing Architectures
Technologies
Authentication
Identity Management
Credential Management
Flow Control
Auditing (Logging)
Trusted Computing
Database Security
Programming Language Environment
Operating Systems
Embedded Systems
Secure Design and Architecture Review
Domain 4 - Secure Software Implementation/Coding
Who is to be Blamed for Insecure Software?
Fundamental Concepts of Programming
Computer Architecture
Evolution of Programming Languages
Common Software Vulnerabilities and Controls
Buffer Overflow
Stack Overflow
Heap Overflow
Injection Flaws
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Non-persistent or Reflected XSS
Persistent or Stored XSS
DOM based XSS
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Checks
Cross-Site Request Forgery (CSRF)
Using Known Vulnerable Components
Unvalidated Redirects and Forwards
File Attacks
Race Condition
Side Channel Attacks
Defensive Coding Practices – Concepts and Techniques
Input Validation
Canonicalization
Sanitization
Error Handling
Safe APIs
Memory Management
Exception Management
Session Management
Configuration Parameters Management
Secure Startup
Cryptography
Concurrency
Tokenization
Sandboxing
Anti-Tampering
Secure Software Processes
Version (Configuration Management)
Code Analysis
Code/Peer Review
Securing Build Environments
Domain 5 -Secure Software Testing
Quality Assurance
Testing Artifacts
Test Strategy
Test Plan
Test Case
Test Script
Test Suite
Test Harness
Types of Software QA Testing
Functional Testing
Non-Functional Testing
Other Testing
Attack Surface Validation (Security Testing)
Motives, Opportunities and Means
Testing of Security Functionality versus Security Testing
The Need for Security Testing
Security Testing Methods
White Box Testing
Black Box Testing
White Box Testing versus Black Box Testing
Types of Security Testing
Cryptographic Validation Testing
Scanning
Fuzzing
Software Security Testing
Testing for Input Validation
Testing for Injection Flaws Controls
Testing for Scripting Attacks Controls
Testing for Non-repudiation Controls
Testing for Spoofing Controls
Testing for Error and Exception Handling Controls (Failure Testing)
Testing for Privileges Escalations Controls
Anti-Reversing Protection Testing
Tools for Security Testing
Test Data Management
Defect Reporting and Tracking
Reporting Defects
Tracking Defects
Impact Assessment and Corrective Action
Domain 6 - Software Acceptance
Guidelines for Software Acceptance
Benefits of Accepting Software Formally
Software Acceptance Considerations
Completion Criteria
Change Management
Approval to Deploy or Release
Risk Acceptance and Exception Policy
Documentation of Software
Verification and Validation (V&V)
Reviews
Testing
Certification and Accreditation (C&A)
Domain 7 - Software Deployment, Operations, Maintenance, and Disposal
Installation and Deployment
Hardening
Environment Configuration
Release Management
Bootstrapping and Secure Startup
Operations and Maintenance
Monitoring
Incident Management
Problem Management
Change Management
Backups, Recovery and Archiving
Disposal
End-of-Life Policies
Sun-Setting Criteria
Sun-setting Processes
Information Disposal and Media Sanitization
Domain 8 - Supply Chain and Software Acquisition
Software Acquisition and the Supply Chain
Acquisition Lifecycle
Software Acquisition Models and Benefits
Supply Chain Software Goals
Threats to Supply Chain Software
Software Supply Chain Risk Management (SCRM)
Supplier Risk Assessment and Management
Supplier Sourcing
Contractual Controls
Intellectual Property (IP) Ownership and Responsibilities
Types of Intellectual Property (IP)
Licensing (Usage and Redistribution Terms)
Software Development and Testing
Assurance Requirement Conformance Validation
Code Review
Code Repository Security
Build Tools and Environment Integrity
Testing for Code Security
Software SCRM during Acceptance
Anti-Tampering Resistance and Controls
Authenticity and Anti-Counterfeiting Controls
Supplier Claims Verification
Software SCRM during Delivery (Handover)
Chain of Custody
Secure Transfer
Code Escrows
Export Control and Foreign Trade Data Regulations Compliance
Software SCRM during Deployment (Installation/Configuration)
Secure Configuration
Perimeter (Network) Security Controls
System-of-Systems (SoS) Security
Software SCRM during Operations and Maintenance
Runtime Integrity Assurance
Patching and Upgrades
Termination Access Controls
Custom Code Extensions Checks
Continuous Monitoring and Incident Management
Software SCRM during Retirement
depositfiles.com
turbobit.net

Рейтинг: 4.8 баллов / 2537 оценок
Формат: Книга
Уже скачали: 12770 раз



Похожие Книги

Нам показалось, что Книги ниже Вас заинтересуют не меньше. Эти издания Вы так же можете скачивать и читать совершенно бесплатно на сайте!

  • Книга Скоро в школу. Занимательная логика

    Скоро в школу. Занимательная логика

    Автор: Коллектив Год издания: 2009 Формат: other Издат.: Новый диск Страниц: 1000 Размер: 167МВ Язык: Русский Ваш ребенок скоро пойдет в перв . . .

  • Книга Материалы для истории инженернаго искусства в России. (Часть 3)

    Материалы для истории инженернаго искусства в России. (Часть 3)

    Название: Материалы для истории инженернаго искусства в России. (Часть 3) Опыт исследования инженерного искусства после императора Петра I до императрицы Екатерины II.Автор: Ласковский Ф. ф.Издательст . . .

  • Книга Береговой дальномер с вертикальной базой образца 1886 года

    Береговой дальномер с вертикальной базой образца 1886 года

    Название: Береговой дальномер с вертикальной базой образца 1886 годаАвтор: ЗахаровИздательство: С-ПетербургГод: 1888Страниц: 78Язык: русскийФормат: pdfРазмер: 37,05(+3%)МбКачество: среднееУстройство . . .

  • Журнал Журнал Веселые петельки. Вяжем для детей № 5 (2011)

    Журнал Веселые петельки. Вяжем для детей № 5 (2011)

    Название:  Веселые петельки. Вяжем для детей Издательство:  Ниола-Пресс Номер:  5 Месяц / Год:  5/2011 Страниц:  28 Формат:  jpg Размер файла:  12,1 Мб Язык:& . . .

  • Журнал Журнал 1001 совет для дачника №3 2011

    Журнал 1001 совет для дачника №3 2011

    Название:  1001 совет для дачника №3 2011 Номер:  3 Месяц / Год:  2011 Страниц:  36 Формат:  pdf Размер файла:  28.22 Мб Содержание: Отличный журнал для дачников . . .

  • Книга Детские загадки. Большая раскраска

    Детские загадки. Большая раскраска

    Автор:КоллективНазвание: Детские загадки. Большая раскраскаИздательство: ТОВ"Компания Мандарин" Год: 2009Формат: DjVuРазмер: 6 мбКоличество страниц: 34Разгадай загадки и раскрась картинки карандашами . . .

  • Книга Орошение коллективных и приусадебных садов

    Орошение коллективных и приусадебных садов

    Автор: Ю.А. МарковНазвание: Орошение коллективных и приусадебных садовИздательство: АгропромиздатГод: 1989Формат: PDFРазмер: 9,4 МбИзложены вопросы водного режима почвы и методы его регулирования в пл . . .

  • Книга Adobe Premiere CS4. Обучающий курс

    Adobe Premiere CS4. Обучающий курс

    Автор: коллективНазвание: Adobe Premiere CS4. Обучающий курсИздательство: TeachShopГод: 2010Качество: ebookФормат: isoЯзык: русскийРазмер: 205 МБОписание: Программа Adobe Premiere нового пакета Creati . . .

  • Книга The Photoshop Anthology: 101 Web Design Tips, Tricks & Techniques

    The Photoshop Anthology: 101 Web Design Tips, Tricks & Techniques

    Название: The Photoshop Anthology: 101 Web Design Tips, Tricks & TechniquesАвтор: Haffly C. Издательство: SitePoint Pty. LtdКоличество страниц: 286Формат: pdfРАзмер архова: 61.2 МбКачество: ОтличноеЯз . . .

  • Книга Народные сказки. Том 5

    Народные сказки. Том 5

    Автор: Составитель: Круглов Ю. Г.Название: Народные сказки. Том 5Издательство: ВозрождениеГод: 1993Формат: djvu Размер: 3,6МбИтак, впереди очередное знакомство с Библиотекой русской сказки. Аналогов е . . .


Вы не зарегистрированы!

Если вы хотите скачивать книги, журналы и аудиокниги бесплатно, без рекламы и без смс, оставлять комментарии и отзывы, учавствовать в различных интересных мероприятиях, получать скидки в книжных магазинах и многое другое, то Вам необходимо зарегистрироваться в нашей Электронной Библиотеке.

Отзывы читателей


Ой!

К сожалению, в нашей Бесплатной Библиотеке пока нет отзывов о Книге Official (ISC)2 Guide to the CSSLP CBK, Second Edition ((ISC)2 Press) 2nd Edition. Помогите нам и другим читателям окунуться в сюжет Книги и узнать Ваше мнение. Оставьте свой отзыв или обзор сейчас, это займет у Вас всего-лишь несколько минут.