• Online, Self-Paced
Course Description

Security practices must be integrated in every aspect of software design. In this course, you'll explore secure software design processes such as attack surface evaluation, threat modeling, control identification, and prioritization. You'll also be introduced to specific design considerations to keep in mind like addressing core security concepts and interconnectivity. Finally, this course covers best practices for securing commonly used architecture and technologies like virtualization, database, and the programming language environment. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Learning Objectives

Design Processes

  • start the course
  • measure and minimize attack surface
  • recognize threat modeling techniques and the purpose of documentation
  • identify characteristics of control identification and prioritization
  • identify characteristics of design and architecture technical review
  • identify characteristics of risk assessment for code reuse

Design Considerations

  • distinguish between applicable methods to address core security concepts
  • recognize security design principle best practices
  • distinguish between interconnectivity activities best practices
  • identify interfaces best practices

Securing Commonly Used Architecture

  • distinguish between the different architectural forms and supporting elements of secured distributed computing
  • recognize best practices for securing service-oriented architecture
  • recognize best practices for securing rich Internet applications
  • recognize best practices for securing pervasive and ubiquitous computing
  • recognize best security practices when integrating with existing architectures
  • recognize best practices for securing cloud architectures
  • recognize best practices for securing mobile applications

Technologies

  • distinguish between characteristics of authentication and identity management
  • recognize characteristics of credential management
  • distinguish between flow control methods
  • recognize characteristics of logging
  • recognize characteristics of data loss prevention
  • identify benefits of virtualization in secure software design
  • recognize types of Rights Expression Language or REL in Digital Rights Management or DRM
  • recognize characteristics of trusted computing
  • distinguish between database security techniques
  • distinguish between compilers, interpreters, and hybrid source codes
  • recognize characteristics of operating systems
  • distinguish between control systems and firmware

Practice: Designing Secure Software

  • identify best practices for designing secure software

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.