Please enable JavaScript.
Coggle requires JavaScript to display documents.
CSSLP (3.) Secure Software Design (Define the Security Architecture…
CSSLP
3.) Secure Software Design
Requirements Allocation
Requirement Allocation
Design Consideration
Threat Modeling
Threat Surfaces
Attack Surface Evaluation
Constrained User Interfaces
Modeling Security Properties
Define the Security Architecture
Security Architecture
Meeting Requirements
Architecture Methodologies
SDLC
Enterprise-wide Architecture
Architecture Models
Client Server
The Waterfall
Rich Internet Application
Pervasive Computing
IoT Risk
Feature-based Risk
Near Field Communication
Trusted Components
Moving to the Cloud
Cloud Implementations
Reasons to Migrate to the Cloud
Cloud-based Advantages
Mobile Applications
Performing Secure Interface Design
Perform Secure Interface Design
Interfaces
Out of Banc
State
Models
Performing Architectural Risk Assessment
Perform Secure Assembly Architecture for Component-based Systems
Perform Secure Assembly Architecture
Outside Vendors
Power and Environmental Controls
Secure Design Principles
Design Principles
Evaluate and Select Reusable Secure Design
Operating System Security
Software Define
Data Loss Prevention
Encryption
Asymmetric Algorithms (Public Key)
Integrity
Databases
Programming Environments
Design Security Review
5.) Secure Software Testing
Develop the Test Plan
Develop Secure Test Strategy
Testing Techniques
Testing the Box
Environmental Testing
Testing Methodologies
Developing and Acquiring Test Data
Security test Data
The Purpose of Testing
Database Integrity
Database Concerns
Executing the Test Plan
Develop Security Test Cases
Failure Testing
Vulnerability Assessment and Penetration Testing
Scanning
Repeatable
Working from Test Results
Verification and Validation
Working from Test Results
6.) Secure Lifecycle Management
Identify Security Standards and Framework
Identify Security Standards and Framework
Support Governance Risk and Compliance
Risk Management
Risk Response
Secure Configuration
Secure Configuration
Operational Environment
Version Control
Established Security Metrics
Established Security Milestones
Decommission Software
Decommission Software
Data Destruction
4.) Secure Software Implementation and Programming
Follow Secure Coding Practices
Follow secure coding
Injection, Session Management, and XSS
Sensitive Data Exposure
PA-DSS
Memory Management
Separation of Development and Operational Environments
Error Handling and Logging
Fixing Errors
Logging
Secure By:
Code Protection
Input/Output Validation
Testing and Verification
Testing and Verification
Review for Known Vulnerabilities
Third Party Code
Malware
Malware
Security Vulnerabilities
2.) Secure Software Requirements
Identity Security Requirements
Identify Security Requirements
Gathering Requirements
Policy
Actions
Legal
Interpret Data Classification Requirements
Interpret Data Classification Requirements
Identify Data Classification Requirements - Ownership
Identify Data Classification Requirements - Rentention
Identify Privacy Requirements
Data Protection
Re-identification
Include Security in Software Requirements
Include Security in Software Requirements
Standards and Best Practices
OpenSAMM
OWASP
Building Security in Maturity Model
SAFECode
NIST and ISO
PCI-DSS and PA-DSS
Develop Use and Misuse Cases
Threat Modeling
Project Risk
Develop Security Requirements Traceability Matrix
7.) Software Deployment, Operation and Maintenance
Secure Software Deployment
Secure Software Deployment
Asset Categorization
Obtain Security Approval to Operate
Environment hardening
Access Control
Logging
Secure Software Operations
Software Deployment
Post-implementation Support
Credentials
Software Protection
Encryption Keys
Continuos Improvement
Vulnerability Assessment
Secure Software Maintenance
Secure Software Maintenance
Support Incident Response
Root Cause Analysis
Support Continuity of Operations
Disaster Recovery Planning
Delayed Recovery
Effective DRP
8.) Supply Chain and Software Acquisition
Analyze Security and Third Party Software
Analyze Security and Third Party Software
Outsourcing Software Development
Verify Pedigree and Provenance
Provide Support to the Acquisition Process
Provide Support to the Acquisition Process
Audit
Product Deployment and Sustainment
1.) Secure Software Concept
Secure Software Core Concepts
Confidentiality
Integrity
Biometrics
Availability
Authentication
Single Sign-On
Authorization
Credential Management
Accounting
Non-repudiation
Digital Signatures
Secure Software Concept
Security Design Principle
Risk
Frame Risk
Threat Risk
Information Systems Controls
Need to Know
Least Privilege
Access Control
Separation of Duties
Defense-in-Depth
Fail Safe
Economy of Mechanism and Leveraging Existing Components
Complete Mediation
Open Design
Psychological Acceptability
Least Common Mechanism and Single Point of failure