CSSLP官方指南：解决软件安全全周期问题的ISC2认证

网络

4星 · 超过85%的资源需积分: 50 47 浏览量更新于2024-07-21 收藏 17.39MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

CSSLP（Certified Secure Software Lifecycle Professional）是(ISC)2颁发的一项专业认证，专注于确保软件开发生命周期（SLC）中的安全性。这个认证主要考察的是候选人对于在软件开发过程中解决各种安全问题的全面理解，包括但不限于安全设计、编码实践、测试方法、风险管理以及合规性要求。该指南是官方(ISC)2发布的第二版CSSLP® CBK（Common Body of Knowledge）指南，由Mano Paul-CSSLP, CISSP编辑，属于CRC Press和Taylor & Francis Group出版。版本日期为2013年7月17日，电子书的国际标准书号为13:978-1-4665-7133-4。这本指南强调了基于权威和备受尊重的信息来源编撰，尽管已经尽力确保数据的可靠性，但并不能对所有材料的准确性或使用后果承担责任。 CSSLP考试的内容可能覆盖以下关键知识点： 1. **软件安全生命周期**：了解从需求分析、设计、编码到测试和维护的各个阶段如何融入安全实践，确保在整个过程中考虑安全因素。 2. **安全设计原则**：掌握如何设计安全的架构、模块化、权限管理、数据加密等设计决策，以减少潜在的安全漏洞。 3. **编码安全**：理解如何编写安全的代码，如避免SQL注入、跨站脚本攻击（XSS）、输入验证等常见的安全编码最佳实践。 4. **风险管理**：学习如何识别、评估和优先处理安全风险，包括威胁建模、脆弱性扫描和残余风险的管理。 5. **安全测试**：熟悉安全测试方法和技术，包括静态和动态分析，渗透测试，以及如何执行安全代码审查。 6. **合规性与标准**：了解相关的法规要求、行业标准（如ISO/IEC 27001）和安全框架（如NIST Cybersecurity Framework），确保软件开发过程符合规定。 7. **安全审计与报告**：知道如何创建和提交有效的安全审计报告，展示组织的安全管理水平和改进措施。 8. **沟通与协作**：强调安全团队与其他团队之间的有效沟通，包括业务人员、开发者和管理层，确保安全措施得到实施。 9. **持续改进**：理解如何将安全融入敏捷开发流程，进行周期性的安全审查，并根据发现的问题进行迭代改进。通过这个指南，考生可以系统地学习和准备CSSLP考试，以证明他们在软件开发的全程中都能有效地应对安全挑战，从而提升职业竞争力。

资源详情

资源推荐

About the Author

Manoranjan (Mano) Paul is the Software Assurance Advisor

for (ISC)

, the global leader in information security education

and certification. In this role, he represents and advises the

organization on software assurance strategy, training, education

and certification. He is a member of the Application Security

Advisory Board and is the winner of the first Information Security

Leadership Awards (ISLA) as a practitioner in the Americas region.

His information security and software assurance experience includes designing

and developing security programs from compliance-to-coding, security in the

SDLC, writing secure code, risk management, security strategy, and security

awareness training and education.

Mr. Paul is the author of the acclaimed “7 Qualities of Highly Secure Software”

book and is a contributing author for the Information Security Management

Handbook. He has contributed to several security topics for the Microsoft

Solutions Developer Network (MSDN). He has been featured in various

domestic and international security conferences and is an invited speaker and

panelist, delivering talks and keynotes in conferences such as the OWASP AppSec

conferences, SANS, Security Congress, ASIS, CSI, Gartner Catalyst, and SC

World Congress. He holds the following professional certifications – CSSLP,

CISSP, MCSD, MCAD, CompTIA Network+ and the ECSA certification.

Mr. Paul started his career as a shark researcher in the Bimini Biological

Field Station, Bahamas. His educational pursuit took him to the University of

Oklahoma where he received his Business Administration degree in Management

Information Systems (MIS) with various accolades and the coveted 4.0 GPA.

Following his entrepreneurial acumen, he founded and serves as the CEO &

CSSLP_v2.indb 15 6/7/2013 5:40:19 PM

xviii

Ocial (ISC)

Guide to the CSSLP CBK: Second Edition

Sharon is a recognized cyber security expert. He serves as trusted advisor to

several of Canada’s largest financial institutions and several Fortune 500 rapid-

growth Enterprises.

Sharon is an active volunteer and advisor with the International Information

Systems Security Certification Consortium, Inc., (ISC)

. He was involved in

the concept and on-going development of the Certified Software Security Life-

Cycle Professional (CSSLP) certification.

Sharon is a board member of the International Application Security Advisory

Board (ASAB) and a senior member of the Institute of Electrical and Electronics

Engineers (IEEE) and the Association for Computing Machinery (ACM).

Richard Tychansky, CISSP-ISSEP, CSSLP, CAP, CIPP/G, PMP, CISA, CISM,

CRISC has over 17 years of experience in Information Systems Security

Engineering (ISSE) and secure software design and audit. Notably, the common

thread which runs through all of his professional certifications is accountability

and traceability. Richard is risk-adverse and compliance driven and has the ability

to guide organizations through the never ending maze of regulatory compliance,

international standards, and industry best practice that they face daily. Richard

has excelled at managing cyber security programs; he has tamed organizational

cyber risk portfolios and brought software development projects in on-time

and on-budget by applying technical management techniques such as Earned

Value Management (EVM). Richard is a software entrepreneur, and while with

Identity Dynamics Corporation he managed the development of a prototype

mobile application that provided a secure interface to a system-of-systems in the

Cloud that measured dozens of biometric modalities and geographic location

tags from an international network of full-motion video surveillance cameras.

Richard is an engineering science graduate from the University of Toronto.

He is a member of the Open Web Application Security Project (OWASP),

the International Association for Cryptologic Research (IACR), and ASIS

International. Richard is a charter member of the (ISC)

Application Security

Advisory Board (ASAB), which is responsible for evangelizing the Certified

Software Security Lifecycle Professional (CSSLP) credential. Currently, Richard

is the ASAB Chair for Supply Chain Software Assurance sub-committee. He

has presented at consecutive ASIS/(ISC)

Security Congress’ on the silent threat

that organizations face today when they outsource code development and/

or integrate software products into their IT environments. Richard has also

presented at OWASP on secure coding best practices and with the IAPP on

privacy in the Cloud.

CSSLP_v2.indb 18 6/7/2013 5:40:19 PM

剩余780页未读，继续阅读

paul03

粉丝: 1
资源: 5

CSSLP官方指南：解决软件安全全周期问题的ISC2认证

Official (ISC)2 Guide to the CISSP CBK 4 Edition CBK知识点第四版（最新英文版）

OfficialISC2GuidetotheCSSLPCBKSecondEdition.pdf 英文原版

OfficialISCGuideToTheCSSLPCBKSecondEdition.pdf 英文原版

利用SIMULINK建立的四转子动力学模型.rar

WPF的MVVM框架，数据绑定和命令的学习文档

天鹰优化算法AO-TCN-LSTM-Multihead-Attention多变量时间序列预测Matlab实现.rar

基于ssm的协同过滤算法的电影推荐系统设计与实现.docx

带有永磁体的直流发动机simulink.rar

机器人足球2.0_建模团队策略与状态和网络效应与模拟活动simulink.rar

【独家首发】基于matlab蛇群算法SO-GMDH锂电池寿命SOC估计【含Matlab源码 7531期】.zip

贪吃蛇的系统实现方案.zip

【独家首发】基于matlab海洋捕食者算法MPA-GMDH风电数据回归预测【含Matlab源码 7530期】.zip

唯恒农业：生物医药第三方外包行业服务体系.pdf

未来装备探索：数字孪生装备 CIMS封面文章.pdf

电力及公用事业行业周报：2023年上半年分布式光伏装机高速增长，重视配网设备和工商业储能投资机会.pdf

文旅生态洞察2020—旅游直播时代-马蜂窝-202005-21页_Password_Removed.pdf

压波管的可变频率锯齿载波simulink.rar

【独家首发】基于matlab凌日算法TSOA-GMDH锂电池寿命SOC估计【含Matlab源码 7531期】.zip

言安堂：2022年玫瑰提取物市场趋势分析和消费者洞察.pdf

医药生物行业专题研究：如何看待诺和诺德计划收购Catalent？(1).pdf

最新资源