CSSLP Cert Prep: 3 Secure Software Design

Learn the foundations of secure software design as you prepare for the third domain of the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Introduction

• Secure software design

1. Threat Modeling

• What is threat modeling?
• Understand common threats
• Attack surface evaluation

2. Security Architecture

• Identifying and prioritizing controls
• Traditional security architectures
• Pervasive and ubiquitous computing
• Identifying and prioritizing controls
• Cloud architectures
• Embedded system considerations
• Architectural risk assessments
• Component-based systems
• Security enhancing tools
• Cognitive computing
• Control systems

3. Security Design

• Components of a secure environment
• Designing network and server controls
• Designing data controls
• Secure design principles and patterns
• Secure interface design
• Design security review
• Secure operational architecture

4. Modeling

• Nonfunctional properties and constraints
• Data modeling and classification

Conclusion

• Next steps