Analyzing third-party software security

Contents

• Introduction Introduction

  • Prepping for the CSSLP

    55s
• 1. Domain 1: Secure Software Concepts 1. Domain 1: Secure Software Concepts

  • Secure software concepts

    1m 51s
  • (Locked)
    What you should know

    2m 6s
  • The goals of application security

    3m 45s
• 2. The CIA Triad 2. The CIA Triad

  • Confidentiality

    6m 4s
  • (Locked)
    Integrity

    5m 17s
  • (Locked)
    Availability

    4m 51s
• 3. Identity and Access Management 3. Identity and Access Management

  • Authentication

    7m 20s
  • (Locked)
    Authorization

    7m 1s
  • (Locked)
    Accountability

    5m 43s
  • (Locked)
    Nonrepudiation

    5m 3s
  • (Locked)
    Governance, risk, and compliance

    5m 8s
• 4. Access Controls 4. Access Controls

  • Least privilege

    4m 51s
  • (Locked)
    Separation of duties

    5m 6s
  • (Locked)
    Economy of mechanism

    7m 19s
  • (Locked)
    Complete mediation

    5m 19s
• 5. Design Considerations 5. Design Considerations

  • Defense in depth

    5m 17s
  • (Locked)
    Resiliency

    5m 44s
  • (Locked)
    Open design

    6m 52s
  • (Locked)
    Least common mechanism

    5m 1s
  • (Locked)
    Psychological acceptability

    7m 42s
  • (Locked)
    Leveraging existing components

    4m 52s
  • (Locked)
    Eliminate single point of failure

    5m 10s
  • (Locked)
    Diversity of defense

    3m 43s
• 6. Domain 2: Secure Software Lifecycle Management 6. Domain 2: Secure Software Lifecycle Management

  • (Locked)
    Secure software lifecycle management

    3m 21s
• 7. Laying Your Foundation 7. Laying Your Foundation

  • Strategy and roadmap

    6m 27s
  • (Locked)
    Development methodologies

    6m 17s
  • (Locked)
    Integrated risk management

    7m 39s
  • (Locked)
    Promote security culture

    7m 4s
• 8. Setting Expectations 8. Setting Expectations

  • Security standards and frameworks

    8m 23s
  • (Locked)
    Security documentation

    6m 46s
  • (Locked)
    Hardware and software configuration

    4m 42s
  • (Locked)
    Ongoing configuration management

    4m 41s
• 9. Improving Over Time 9. Improving Over Time

  • Decommission software

    4m 28s
  • (Locked)
    Manage licenses and archives

    4m 52s
  • (Locked)
    Security metrics

    8m 9s
  • (Locked)
    Reporting security status

    7m 18s
  • (Locked)
    Continuous improvement

    4m 9s
  • (Locked)
    Implement secure operations practices

    5m 38s
• 10. Domain 3: Secure Software Requirements 10. Domain 3: Secure Software Requirements

  • (Locked)
    Determining security requirements

    3m 8s
• 11. Security Requirements 11. Security Requirements

  • Functional requirements

    7m 28s
  • (Locked)
    Nonfunctional requirements

    9m 18s
  • (Locked)
    Policy decomposition

    5m 53s
  • (Locked)
    Legal, regulatory, and industry

    7m 12s
• 12. Privacy Requirements 12. Privacy Requirements

  • Security vs. privacy

    6m 24s
  • (Locked)
    Data anonymization

    5m 43s
  • (Locked)
    User consent

    5m 34s
  • (Locked)
    Disposition

    7m 1s
  • (Locked)
    Private data storage

    3m 37s
• 13. Data Classification Requirements 13. Data Classification Requirements

  • (Locked)
    Data ownership

    5m 22s
  • (Locked)
    Labeling

    7m 12s
  • (Locked)
    Types of data

    6m 48s
  • (Locked)
    Data lifecycle

    6m 45s
• 14. Validating Your Requirements 14. Validating Your Requirements

  • (Locked)
    Misuse and abuse cases

    6m 5s
  • (Locked)
    Software requirement specifications

    6m 9s
  • (Locked)
    Security requirement traceability matrix

    3m 51s
• 15. Domain 4: Secure Software Architecture and Design 15. Domain 4: Secure Software Architecture and Design

  • (Locked)
    Secure software design

    3m 7s
• 16. Threat Modeling 16. Threat Modeling

  • (Locked)
    What is threat modeling?

    7m 45s
  • (Locked)
    Understand common threats

    8m 47s
  • (Locked)
    Attack surface evaluation

    5m 37s
• 17. Security Architecture 17. Security Architecture

  • (Locked)
    Secure architecture and design patterns

    3m 43s
  • (Locked)
    Identifying and prioritizing controls

    6m 15s
  • (Locked)
    Traditional application architectures

    7m 23s
  • (Locked)
    Pervasive and ubiquitous computing

    6m 43s
  • (Locked)
    Rich internet and mobile applications

    7m 9s
  • (Locked)
    Cloud architectures

    7m 8s
  • (Locked)
    Embedded system considerations

    8m 45s
  • (Locked)
    Architectural risk assessments

    6m 59s
  • (Locked)
    Component-based systems

    5m 2s
  • (Locked)
    Security enhancing tools

    4m 8s
  • (Locked)
    Cognitive computing

    4m 37s
  • (Locked)
    Control systems

    8m 34s
• 18. Security Design 18. Security Design

  • (Locked)
    Components of a secure environment

    8m 25s
  • (Locked)
    Designing network and server controls

    4m 22s
  • (Locked)
    Designing data controls

    6m 25s
  • (Locked)
    Secure design principles and patterns

    5m 6s
  • (Locked)
    Secure interface design

    6m 49s
  • (Locked)
    Security architecture and design review

    3m 6s
  • (Locked)
    Secure operational architecture

    3m 37s
• 19. Modeling 19. Modeling

  • (Locked)
    Nonfunctional properties and constraints

    5m 39s
  • (Locked)
    Data modeling and classification

    5m
• 20. Domain 5: Secure Software Implementation 20. Domain 5: Secure Software Implementation

  • (Locked)
    Secure software implementation

    2m 42s
• 21. Secure Coding Practices 21. Secure Coding Practices

  • (Locked)
    Declaring variables

    3m 37s
  • (Locked)
    Inputs and outputs

    5m 57s
  • (Locked)
    Protecting secrets

    7m 15s
  • (Locked)
    Data-flow security

    6m 3s
  • (Locked)
    Deployment and operations

    8m 29s
  • (Locked)
    Isolation techniques

    5m 1s
  • (Locked)
    Processor microarchitecture security

    5m 3s
• 22. Finding and Fixing Vulnerabilities 22. Finding and Fixing Vulnerabilities

  • (Locked)
    Identifying risks

    5m 26s
  • (Locked)
    The OWASP Top 10: 1-5

    6m 53s
  • (Locked)
    The OWASP Top 10: 6-10

    5m 14s
  • (Locked)
    Common Weakness Enumeration (CWE)

    4m 47s
  • (Locked)
    Addressing risks

    5m 32s
• 23. Component Security 23. Component Security

  • (Locked)
    Third-party code and libraries

    4m 9s
  • (Locked)
    Component integration

    5m 2s
  • (Locked)
    Implementing security controls

    4m 16s
  • (Locked)
    Security in the build process

    5m 52s
• 24. Domain 6: Secure Software Testing 24. Domain 6: Secure Software Testing

  • (Locked)
    Secure software testing

    3m 25s
• 25. Developing Security Test Cases 25. Developing Security Test Cases

  • (Locked)
    Understanding your test environment

    4m 19s
  • (Locked)
    Automation vs. manual testing

    7m 43s
  • (Locked)
    Ensuring a comprehensive approach

    7m 25s
  • (Locked)
    Validating cryptography

    6m 5s
• 26. Developing a Testing Strategy 26. Developing a Testing Strategy

  • (Locked)
    Grouping your tests

    6m 42s
  • (Locked)
    Leveraging external resources

    8m 4s
  • (Locked)
    Verifying and validating documentation

    6m 38s
• 27. Conducting Security Tests 27. Conducting Security Tests

  • (Locked)
    Securing test data

    6m 50s
  • (Locked)
    Verification and validation testing

    5m 45s
  • (Locked)
    Identifying undocumented functionality

    5m 13s
• 28. Reviewing the Results 28. Reviewing the Results

  • (Locked)
    Security implications of test results

    4m 56s
  • (Locked)
    Classifying and tracking security errors

    6m 50s
• 29. Domain 7: Secure Software Deployment, Operations, and Maintenance 29. Domain 7: Secure Software Deployment, Operations, and Maintenance

  • (Locked)
    Secure software deployment, operations, and maintenance

    4m 54s
• 30. Deploying Your Software 30. Deploying Your Software

  • (Locked)
    Performing an operational risk analysis

    8m 45s
  • (Locked)
    Releasing software securely

    7m 16s
  • (Locked)
    Storing and managing security data

    7m 52s
  • (Locked)
    Ensuring secure installation

    7m 15s
  • (Locked)
    Post-deployment security testing

    6m 25s
• 31. Shifting Into Operations 31. Shifting Into Operations

  • (Locked)
    Obtaining security approval to operate

    5m 33s
  • (Locked)
    Continuous security monitoring

    8m 12s
  • (Locked)
    Support incident response

    6m 48s
  • (Locked)
    Support continuity of operations

    6m 49s
  • (Locked)
    Service level objectives and agreements

    6m
• 32. Maintaining Your Software 32. Maintaining Your Software

  • (Locked)
    Patch management

    5m 39s
  • (Locked)
    Vulnerability management

    8m 18s
  • (Locked)
    Runtime protection

    5m 23s
• 33. Domain 8: Secure Software Supply Chain 33. Domain 8: Secure Software Supply Chain

  • (Locked)
    Secure software supply chain

    2m 23s
• 34. Supply Chain Risk Management 34. Supply Chain Risk Management

  • (Locked)
    Identifying and selecting components

    7m 9s
  • (Locked)
    Assessing components' risks

    5m 48s
  • (Locked)
    Responding to those risks

    5m 32s
  • (Locked)
    Monitoring changes and vulnerabilities

    6m 43s
  • (Locked)
    Maintaining third-party components

    3m 58s
• 35. Ensure Software Security 35. Ensure Software Security

  • (Locked)
    Analyzing third-party software security

    7m 2s
  • (Locked)
    Verifying pedigree and provenance

    6m 45s
• 36. Get It in Writing 36. Get It in Writing

  • (Locked)
    Security in the acquisition process

    8m 32s
  • (Locked)
    Contractual requirements

    5m 31s
• 37. Exam Logistics 37. Exam Logistics

  • (Locked)
    Registering for the exam

    4m 33s
  • (Locked)
    Exam environment

    3m 39s
  • (Locked)
    Passing the exam

    2m 43s
  • (Locked)
    Exam tips

    4m 22s
  • (Locked)
    Practice tests

    3m 54s
  • (Locked)
    Experience requirements

    3m 31s
  • (Locked)
    Continuing education requirements

    5m 21s
• Conclusion Conclusion

  • (Locked)
    Next steps

    1m 57s