Bash, the Crucial Exams Chat Bot
AI Bot
Secure Software Concepts (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards
| Front | Back |
| Application security | Measures taken to ensure software is resistant to unauthorized access and data breaches |
| Authentication | Process to verify entity identity before allowing software interaction |
| Authorization | Determines what actions authenticated users or systems can perform |
| Code review | Analyses of source code to identify security flaws and improve quality |
| Cryptographic key management | Safeguarding the generation, use, and storage of cryptographic keys |
| Data classification | Categorizing data based on sensitivity to guide appropriate security controls |
| Dependency management | Process of identifying, tracking, and securing software libraries and packages |
| DevSecOps integration | Embedding security practices and tools into the DevOps workflow |
| Dynamic analysis | Testing the running software to discover runtime vulnerabilities |
| Encryption | Process of converting data to protect its confidentiality during transmission and storage |
| Error handling | Ensuring software errors do not leak sensitive data or provide information to attackers |
| Identity management | Systems and processes for managing user identities and controlling access to resources |
| Incident response planning | Preparing for identifying, mitigating, and recovering from security incidents in software |
| Input validation | Ensuring application processes input securely to avoid injection attacks |
| Mobile application security | Unique considerations for securing software designed for mobile devices |
| OWASP Top Ten | List of common software vulnerabilities and security risks provided by OWASP |
| Patch management | Process to update software to fix bugs and security vulnerabilities |
| Principle of least privilege | Ensuring users and systems have only the access necessary to perform their tasks |
| Privacy by design | Concept to integrate privacy into software design and development from the beginning |
| Risk management | Process to identify, assess, and prioritize minimizing risks in software systems |
| Runtime application self-protection (RASP) | Security technology that protects applications while they are executing |
| Secure API design | Principles for protecting exposed APIs from unauthorized access and abuse |
| Secure coding | Practices that reduce risks of vulnerabilities during code development |
| Secure configuration management | Maintaining secure settings for systems, software, and infrastructure |
| Secure deployment | Steps to ensure applications are securely configured before releasing |
| Secure lifecycle phases | Stages of development ensuring security considerations throughout SDLC |
| Secure logging and monitoring | Practices to ensure all security-relevant events are recorded and reviewed |
| Secure software design | Implementing principles like least privilege and defense in depth in architecture |
| Security awareness training | Educating development teams about secure coding and practices |
| Security governance | Establishing policies and standards to align software security with organizational goals |
| Security misconfiguration | Configuration vulnerabilities that can leave systems exposed to attack |
| Security requirements | Identifying and incorporating security-specific needs during software development |
| Security testing | Evaluation of an application to find flaws in its security mechanisms |
| Session management | Controlling how user sessions are managed to prevent hijacking or misuse |
| Software composition analysis (SCA) | Identifying open-source components and their vulnerabilities in a codebase |
| Static analysis | Examination of source code without executing the program to find flaws |
| Supply chain security | Mitigating risks associated with third-party software and dependencies |
| Threat intelligence integration | Using external and internal intelligence to anticipate and prevent attacks |
| Threat modeling | Process of identifying and prioritizing security threats and vulnerabilities |
| Zero trust | Security model where access is restricted and requires verification, regardless of network location |
This deck covers foundational principles and best practices for secure software development, including threat modeling, risk management, and secure engineering lifecycle concepts.