CompTIA Security+ (SY0-601) Cert Prep: 2 Secure Code Design and Implementation

Learn about the risks associated with application vulnerabilities—and the secure coding practices that can help you avoid attacks—as you prepare for the Security+ exam.

Introduction

• Secure code design and implementation
• What you need to know
• Study resources

1. Software Development Lifecycle

• Software platforms
• Development methodologies
• Maturity models
• Change management
• Automation and DevOps

2. Software Quality Assurance

• Code review
• Software testing
• Code security tests
• Fuzz testing
• Code repositories
• Application management
• Third-party code

3. Application Attacks

• OWASP Top 10
• Application security
• Prevent SQL injection
• Cross-site scripting
• Request forgery
• Defend against directory traversal
• Overflow attacks
• Cookies and attachments
• Session hijacking
• Code execution attacks
• Privilege escalation
• Driver manipulation
• Memory vulnerabilities
• Race condition vulnerabilities

4. Secure Coding Practices

• Input validation
• Parameterized queries
• Authentication and session management issues
• Output encoding
• Error and exception handling
• Code signing
• Database security
• Data deidentification
• Data obfuscation

Conclusion

• Continue your studies