Secure Software Concepts (CSSLP) Flashcards
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Flashcards
| Front | Back |
|---|---|
| Application security | Measures taken to ensure software is resistant to unauthorized access and data breaches |
| Authentication | Process to verify entity identity before allowing software interaction |
| Authorization | Determines what actions authenticated users or systems can perform |
| Code review | Analysis of source code to identify security flaws and improve quality |
| Cryptographic key management | Safeguarding the generation, use, and storage of cryptographic keys |
| Data classification | Categorizing data based on sensitivity to guide appropriate security controls |
| Dependency management | Process of identifying, tracking, and securing software libraries and packages |
| DevSecOps integration | Embedding security practices and tools into the DevOps workflow |
| Dynamic analysis | Testing the running software to discover runtime vulnerabilities |
| Encryption | Process of converting data to protect its confidentiality during transmission and storage |
| Error handling | Ensuring software errors do not leak sensitive data or provide information to attackers |
| Identity management | Systems and processes for managing user identities and controlling access to resources |
| Incident response planning | Preparing for identifying, mitigating, and recovering from security incidents in software |
| Input validation | Ensuring the application processes input securely to avoid injection attacks |
| Mobile application security | Unique considerations for securing software designed for mobile devices |
| OWASP Top Ten | List of common software vulnerabilities and security risks provided by OWASP |
| Patch management | Process to update software to fix bugs and security vulnerabilities |
| Principle of least privilege | Ensuring users and systems have only the access necessary to perform their tasks |
| Privacy by design | Concept to integrate privacy into software design and development from the beginning |
| Risk management | Process to identify, assess, and prioritize risks in software systems so they can be minimized |
| Runtime application self-protection (RASP) | Security technology that protects applications while they are executing |
| Secure API design | Principles for protecting exposed APIs from unauthorized access and abuse |
| Secure coding | Practices that reduce risks of vulnerabilities during code development |
| Secure configuration management | Maintaining secure settings for systems, software, and infrastructure |
| Secure deployment | Steps to ensure applications are securely configured before release |
| Secure lifecycle phases | Stages of development ensuring security considerations throughout SDLC |
| Secure logging and monitoring | Practices to ensure all security-relevant events are recorded and reviewed |
| Secure software design | Implementing principles like least privilege and defense in depth in architecture |
| Security awareness training | Educating development teams about secure coding and practices |
| Security governance | Establishing policies and standards to align software security with organizational goals |
| Security misconfiguration | Configuration vulnerabilities that can leave systems exposed to attack |
| Security requirements | Identifying and incorporating security-specific needs during software development |
| Security testing | Evaluation of an application to find flaws in its security mechanisms |
| Session management | Controlling how user sessions are managed to prevent hijacking or misuse |
| Software composition analysis (SCA) | Identifying open-source components and their vulnerabilities in a codebase |
| Static analysis | Examination of source code without executing the program to find flaws |
| Supply chain security | Mitigating risks associated with third-party software and dependencies |
| Threat intelligence integration | Using external and internal intelligence to anticipate and prevent attacks |
| Threat modeling | Process of identifying and prioritizing security threats and vulnerabilities |
| Zero trust | Security model where access is restricted and requires verification, regardless of network location |
This deck covers foundational principles and best practices for secure software development, including threat modeling, risk management, and secure engineering lifecycle concepts.