
Course: Certified Secure Software Lifecycle Professional (CSSLP)

Provider: International Management Forum

 

International Management Forum

Fellenoord 224
5611 ZC EINDHOVEN
 

Course content

DOMAIN I
SECURE SOFTWARE CONCEPTS
Understand secure software concepts, methodologies, and implementation within centralized and decentralized environments across the enterprise's computer systems.
Core concepts
Security design principles

DOMAIN II
SECURE SOFTWARE REQUIREMENTS
Understand the security requirements in the requirements gathering phase of the Secure Software Development Lifecycle (SDLC)
Identify internal and external security requirements
Interpret data classification requirements
Identify privacy requirements
Develop misuse and abuse cases
Include security in software requirement specifications
Develop security requirement traceability matrix

DOMAIN III
SECURE SOFTWARE DESIGN
Understand the techniques of performing attack surface analysis and conducting threat modeling, as well as being able to identify and review the countermeasures that mitigate risk.
Perform threat modeling
Define the security architecture
Performing secure interface design
Performing architectural risk assessment
Modeling (non-functional) security properties and constraints
Model and classify data
Evaluate and select reusable secure design
Perform design security review
Design secure assembly architecture for component-based systems
Use security enhancing architecture and design tools
Use secure design principles and patterns

DOMAIN IV
SECURE SOFTWARE IMPLEMENTATION/PROGRAMMING
Learn about unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation.
Follow secure coding practices
Analyze code for security vulnerabilities
Implement security controls
Fix security vulnerabilities
Look for malicious code
Securely reuse third party code/libraries
Securely integrate components
Apply security during the build process
Debug security errors
Perform design security review
Design secure assembly architecture for component-based systems
Use security enhancing architecture and design tools
Use secure design principles and patterns

DOMAIN V
SECURE SOFTWARE TESTING
Know the standards for software quality assurance, and understand the concepts of functional and security testing, interoperability testing, bug tracking and testing of high priority code.
Develop security test cases
Develop security testing strategy and plan
Identify undocumented functionality
Interpret security implications of test results
Classify and track security errors
Secure test data
Develop/obtain security test data
Perform verification and validation testing

DOMAIN VI
SOFTWARE LIFECYCLE MANAGEMENT
Know the methods for determining completion criteria, risk acceptance and documentation (e.g., DRP and BCP), common criteria and methods of independent testing.
Secure configuration and version control
Establish security milestones
Choose a secure software methodology
Identify security standards and frameworks
Create security documentation
Develop security metrics
Decommission software
Report security status
Support governance, risk and compliance (GRC)

DOMAIN VII
SOFTWARE DEPLOYMENT, OPERATIONS, MAINTENANCE AND DISPOSAL
Know how to evaluate reports of vulnerabilities and release security advisories and updates when appropriate. Know how to conduct a post-mortem of reported vulnerabilities and take action as necessary, be familiar with procedures and security measures when a product reaches its end of life.
Perform implementation risk analysis
Release software securely
Securely store and manage security data
Ensure secure installation
Perform post-deployment security testing
Obtain security approval to operate
Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
Support incident response
Support patch and vulnerability management
Support continuity of operations

DOMAIN VIII
SUPPLY CHAIN AND SOFTWARE ACQUISITION
Know how to establish a process for interacting with suppliers on issues such as vulnerability management, service level agreement (SLA) monitoring, and chain of custody throughout the source code development and maintenance lifecycle.
Analyze security of third party software
Verify pedigree and provenance
Provide security support to the acquisition process

Course duration

5 days

Course costs

The cost of the 5-day Certified Secure Software Lifecycle Professional (CSSLP) training is € 3,500 (excl. VAT) per person. This amount includes all lunches, coffee/tea and the training material. The CSSLP exam is not included. The registration fee for the exam is approximately € 550 (excl. VAT) per person.

Locations / training venues

Centrally located in the Netherlands

General information about the course

Certified Secure Software Lifecycle Professional (CSSLP) – the global standard for IT and software professionals
Certified Secure Software Lifecycle Professional (CSSLP) is a new standard from (ISC)². In this 5-day training, IT and software professionals are trained to incorporate security practices (authentication, authorization and auditing) into every phase of the Software Development LifeCycle (SDLC), from software design and implementation to testing and deploying software.

80% of all security holes are application-related!
Security is often given little consideration when software applications are developed. Only just before delivery - or not at all - is the security of an application examined with a vulnerability scan or penetration test, and time pressure and costs often leave their mark on the necessary changes.

Web application security must be a top priority in every organization
Security flaws and weaknesses in applications rank number 1 among threats for cybersecurity professionals. In this new 5-day training and certification from (ISC)², you learn to implement security in every phase of the software development process.

Certified Secure Software Lifecycle Professional (CSSLP) training – what will you learn?
In this 5-day training you will learn, among other things, to:
develop an application program for the security of your organization
reduce production costs
reduce the number of vulnerabilities in the application
minimize delays in delivery
increase the credibility and reliability of your organization and the development team
reduce loss of revenue and reputational damage resulting from a breach caused by insecure software
After completing the CSSLP training, you will know the tools and processes with which you build in and improve security in every phase of the software lifecycle.

Copyright 2009-2020 Particuliereopleidingen.nl