CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security

Review essential software and systems security concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about software testing, encryption, and more.

Introduction

• Software and systems security
• What you should know
• Study resources

1. Software Development Life Cycle

• Software platforms
• Development methodologies
• Maturity models
• Change management
• DevOps and DevSecOps

2. Software Assessment and Testing

• Code review
• Software testing
• Code tests
• Fuzz testing
• Interface testing
• Misuse case testing
• Test coverage analysis

3. Secure Coding Best Practices

• Input validation
• Parameterized queries
• Authentication and session management issues
• Data protection
• Output encoding
• Error and exception handling
• Code repositories
• Code signing

4. Service Oriented Architecture

• SOAP and REST
• SOA and microservices

5. Secure Systems Design

• Operating system types
• Data encryption
• Hardware and firmware security
• Peripheral security
• Physical asset management

6. Encryption and Certificate Management

• Understanding encryption
• Symmetric and asymmetric cryptography
• Goals of cryptography
• Choosing encryption algorithms
• Key exchange
• Diffie-Hellman
• Trust models
• PKI and digital certificates
• Hash functions
• Digital signatures
• Creating a digital certificate
• Revoking a digital certificate

7. Penetration Testing

• Planning a penetration test
• Designing penetration tests
• Exploitation frameworks
• Interception proxies
• Penetration test reporting
• Training and exercises

8. Reverse Engineering

• Reverse engineering software
• Reverse engineering hardware

9. Virtualization

• Virtualization
• Desktop and application virtualization
• Containerization

10. Networking

• Security zones
• VLANs
• Isolating sensitive systems
• Virtual private networks (VPNs)
• Software-defined networking

11. Cloud Computing

• What is the cloud?
• Cloud computing roles
• Cloud compute resources
• Cloud storage
• Cloud networking
• Cloud databases
• Cloud orchestration
• Cloud auditing tools

12. Extending Defenses

• Deception technologies

Conclusion

• Next steps