Secure Software Concepts (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards

| Front | Back |
|---|---|
| Application security | Measures taken to ensure software is resistant to unauthorized access and data breaches |
| Authentication | Process to verify entity identity before allowing software interaction |
| Authorization | Determines what actions authenticated users or systems can perform |
| Code review | Analysis of source code to identify security flaws and improve quality |
| Cryptographic key management | Safeguarding the generation, use, and storage of cryptographic keys |
| Data classification | Categorizing data based on sensitivity to guide appropriate security controls |
| Dependency management | Process of identifying, tracking, and securing software libraries and packages |
| DevSecOps integration | Embedding security practices and tools into the DevOps workflow |
| Dynamic analysis | Testing the running software to discover runtime vulnerabilities |
| Encryption | Process of converting data to protect its confidentiality during transmission and storage |
| Error handling | Ensuring software errors do not leak sensitive data or provide information to attackers |
| Identity management | Systems and processes for managing user identities and controlling access to resources |
| Incident response planning | Preparing for identifying, mitigating, and recovering from security incidents in software |
| Input validation | Ensuring application processes input securely to avoid injection attacks |
| Mobile application security | Unique considerations for securing software designed for mobile devices |
| OWASP Top Ten | List of common software vulnerabilities and security risks provided by OWASP |
| Patch management | Process to update software to fix bugs and security vulnerabilities |
| Principle of least privilege | Ensuring users and systems have only the access necessary to perform their tasks |
| Privacy by design | Concept to integrate privacy into software design and development from the beginning |
| Risk management | Process to identify, assess, prioritize, and minimize risks in software systems |
| Runtime application self-protection (RASP) | Security technology that protects applications while they are executing |
| Secure API design | Principles for protecting exposed APIs from unauthorized access and abuse |
| Secure coding | Practices that reduce risks of vulnerabilities during code development |
| Secure configuration management | Maintaining secure settings for systems, software, and infrastructure |
| Secure deployment | Steps to ensure applications are securely configured before release |
| Secure lifecycle phases | Stages of development ensuring security considerations throughout SDLC |
| Secure logging and monitoring | Practices to ensure all security-relevant events are recorded and reviewed |
| Secure software design | Implementing principles like least privilege and defense in depth in architecture |
| Security awareness training | Educating development teams about secure coding and practices |
| Security governance | Establishing policies and standards to align software security with organizational goals |
| Security misconfiguration | Configuration vulnerabilities that can leave systems exposed to attack |
| Security requirements | Identifying and incorporating security-specific needs during software development |
| Security testing | Evaluation of an application to find flaws in its security mechanisms |
| Session management | Controlling how user sessions are managed to prevent hijacking or misuse |
| Software composition analysis (SCA) | Identifying open-source components and their vulnerabilities in a codebase |
| Static analysis | Examination of source code without executing the program to find flaws |
| Supply chain security | Mitigating risks associated with third-party software and dependencies |
| Threat intelligence integration | Using external and internal intelligence to anticipate and prevent attacks |
| Threat modeling | Process of identifying and prioritizing security threats and vulnerabilities |
| Zero trust | Security model where access is restricted and requires verification, regardless of network location |
About the Flashcards
Flashcards for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) exam present concise definitions and concepts across application security so students can quickly review essential terminology. Topics include secure coding, the OWASP Top Ten, threat modeling and risk management, authentication and authorization, encryption, and secure design principles such as least privilege and defense-in-depth.
The deck also covers practical controls and testing approaches emphasized on the exam: static and dynamic analysis, code review, software composition analysis, secure API and deployment practices, patching and dependency management, runtime protections (RASP), logging and monitoring, incident response, and privacy-by-design. Use the cards to reinforce key ideas, common vulnerabilities, and defensive measures.
Topics covered in this flashcard deck:
- Secure coding practices
- OWASP Top Ten
- Threat modeling and risk
- Authentication and authorization
- Static and dynamic analysis
- Dependency and supply-chain security