You are previewing The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional.
O'Reilly logo
The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional

Book Description

The first test prep guide for the new ISC2 Certified Secure Software Lifecycle Professional exam

The CSSLP (Certified Secure Software Lifecycle Professional) is a new certification that incorporates government standards and best practices for secure software development. It emphasizes the application of secure software methodologies during the software development cycle. If you're an IT professional, security professional, software developer, project manager, software assurance tester, executive manager or employee of a government agency in a related field, your career may benefit from this certification.

Written by experts in computer systems and security, The CSSLP Prep Guide thoroughly covers all aspects of the CSSLP certification exam, with hundreds of sample test questions and answers available on the accompanying CD.

  • The Certified Secure Software Lifecycle Professional (CSSLP) is an international certification incorporating new government, commercial, and university derived secure software development methods; it is a natural complement to the CISSP credential

  • The study guide covers the seven domains of the CSSLP Common Body of Knowledge (CBK), namely Secure Software Concepts, Secure Software Requirements, Secure Software Design, and Secure Software Implementation/Coding and Testing,Secure Software Testing, Software Acceptance, and Software Deployment, Operations, Maintenance and Disposal

  • Provides in-depth exploration and explanation of the seven CSSLP domains

  • Includes a CD with hundreds of practice exam questions and answers

The CSSLP Prep Guide prepares you for the certification exam and career advancement.

Table of Contents

  1. Copyright
  2. About the Authors
  3. Credits
  4. Acknowledgments
  5. Introduction
    1. CSSLP Domains
    2. Requirements
      1. The Approach of this Book
      2. How this Book Is Organized
      3. CD-ROM
      4. Who Should Read this Book
  6. 1. Secure Software Concepts
    1. 1.1. Confidentiality, Integrity, and Availability
      1. 1.1.1. Confidentiality
      2. 1.1.2. Integrity
      3. 1.1.3. Availability
    2. 1.2. Authentication, Authorization, Auditing, and Accountability
      1. 1.2.1. Authentication
      2. 1.2.2. Authorization
      3. 1.2.3. Auditing
      4. 1.2.4. Accountability
    3. 1.3. Security Design Principles
      1. 1.3.1. Least Privilege
      2. 1.3.2. Separation of Duties
      3. 1.3.3. Defense in Depth
      4. 1.3.4. Fail Safe
      5. 1.3.5. Economy of Mechanism
      6. 1.3.6. Complete Mediation
      7. 1.3.7. Open Design
      8. 1.3.8. Least Common Mechanism
      9. 1.3.9. Psychological Acceptability
      10. 1.3.10. Weakest Link
      11. 1.3.11. Leveraging Existing Components
    4. 1.4. Risk Management
      1. 1.4.1. Information System Risk Management
        1. 1.4.1.1. The Risk Assessment Process
          1. 1.4.1.1.1. System Characterization
          2. 1.4.1.1.2. Threat Identification
          3. 1.4.1.1.3. Vulnerability Identification
          4. 1.4.1.1.4. Control Analysis
          5. 1.4.1.1.5. Likelihood Determination
          6. 1.4.1.1.6. Impact Analysis
          7. 1.4.1.1.7. Risk Determination
          8. 1.4.1.1.8. Control Recommendations
          9. 1.4.1.1.9. Results Documentation
        2. 1.4.1.2. Risk Mitigation
          1. 1.4.1.2.1. Risk Mitigation Options
          2. 1.4.1.2.2. Categories of Controls
          3. 1.4.1.2.3. Determination of Residual Risk
        3. 1.4.1.3. Personnel Involved in the Risk Management Process
      2. 1.4.2. Software Security Risk Management Concepts
        1. 1.4.2.1. Microsoft Security Risk Management Discipline (SRMD)
        2. 1.4.2.2. LeGrand Vulnerability-Oriented Risk Management
        3. 1.4.2.3. Morana Risk Management Activities
        4. 1.4.2.4. Cigital Risk Management Method
      3. 1.4.3. Risk Management and Assurance Activities in the SDLC
        1. 1.4.3.1. System Development Life Cycle
        2. 1.4.3.2. Incorporating Risk Management into the SDLC
        3. 1.4.3.3. Incorporating Assurance in the SDLC
    5. 1.5. Regulations, Privacy, and Compliance
      1. 1.5.1. FISMA
        1. 1.5.1.1. FISMA Performance Requirements
        2. 1.5.1.2. Identification of Information Types
      2. 1.5.2. Information Privacy and Privacy Laws
        1. 1.5.2.1. Privacy Policy
        2. 1.5.2.2. Privacy-Related Legislation and Guidelines
      3. 1.5.3. Sarbanes-Oxley
      4. 1.5.4. Gramm-Leach-Bliley
      5. 1.5.5. HIPAA
        1. 1.5.5.1. HIPAA Final Security Rule
        2. 1.5.5.2. HIPAA Final Privacy Rule
      6. 1.5.6. PCI Data Security Standard
    6. 1.6. Software Architecture
      1. 1.6.1. Software Architecture Definitions
      2. 1.6.2. Software Architecture Styles
      3. 1.6.3. Software Architecture Assurance
    7. 1.7. Software Development Methodologies
      1. 1.7.1. Software Development Life Cycle Characteristics
      2. 1.7.2. Microsoft Trustworthy Security Development Life Cycle
        1. 1.7.2.1. Microsoft Software Development Baseline Process
        2. 1.7.2.2. Microsoft Trustworthy Security Development Life Cycle (SDL) Principles and Model
      3. 1.7.3. CLASP
        1. 1.7.3.1. CLASP Views
        2. 1.7.3.2. CLASP Resources
        3. 1.7.3.3. Vulnerability Use Cases
      4. 1.7.4. Seven Touchpoints for Software Security
      5. 1.7.5. TSP-Secure
    8. 1.8. Intellectual Property and Privacy Legal Issues
      1. 1.8.1. Intellectual Property Law
        1. 1.8.1.1. Patent
        2. 1.8.1.2. Copyright
        3. 1.8.1.3. Trade Secret
        4. 1.8.1.4. Trademark
        5. 1.8.1.5. Warranty
      2. 1.8.2. Information Privacy Principles
        1. 1.8.2.1. European Union (EU) Principles
        2. 1.8.2.2. Health Care–Related Privacy Issues
        3. 1.8.2.3. Platform for Privacy Preferences (P3P)
    9. 1.9. Standards and Guidelines
      1. 1.9.1. ISO 27000 Series
        1. 1.9.1.1. ISO 27001
        2. 1.9.1.2. ISO 27002
        3. 1.9.1.3. ISO 27003
        4. 1.9.1.4. ISO 27004
        5. 1.9.1.5. ISO 27005
        6. 1.9.1.6. ISO 27006
      2. 1.9.2. OWASP Top Ten Project
      3. 1.9.3. OWASP Development Guide
      4. 1.9.4. OWASP Code Review Guide
      5. 1.9.5. OWASP Testing Guide
    10. 1.10. Information Security Models
      1. 1.10.1. Access Control Models
        1. 1.10.1.1. Access Matrix
        2. 1.10.1.2. Take-Grant Model
        3. 1.10.1.3. Bell-LaPadula Model
      2. 1.10.2. Integrity Models
        1. 1.10.2.1. Biba Integrity Model
        2. 1.10.2.2. Clark-Wilson Model
      3. 1.10.3. Information Flow Models
        1. 1.10.3.1. Non-interference Model
        2. 1.10.3.2. Chinese Wall Model
      4. 1.10.4. Composition Theories
      5. 1.10.5. Systems Security Engineering Capability Maturity Model (SSE-CMM)
    11. 1.11. Trusted Computing
      1. 1.11.1. TCG Elements
        1. 1.11.1.1. Trusted Platform Modules
        2. 1.11.1.2. TCG Software Stack
        3. 1.11.1.3. Trusted Network Connect
      2. 1.11.2. Trusted Computing Base (TCB)
    12. 1.12. Acquisition Assurance Issues
      1. 1.12.1. Phases of the Acquisition Process
      2. 1.12.2. Measures in the Software Assurance Acquisition Process
      3. 1.12.3. Additional Software Acquisition Assurance Issues
    13. 1.13. Summary
    14. 1.14. Assessment Questions
  7. 2. Secure Software Requirements
    1. 2.1. Approaches to Software Requirements Engineering
    2. 2.2. Security Policy Decomposition
      1. 2.2.1. Considerations in the SDLC
      2. 2.2.2. NIST 33 Security Principles
      3. 2.2.3. Information Security Policy Implementation and Decomposition
        1. 2.2.3.1. Policies, Standards, Guidelines, and Procedures
          1. 2.2.3.1.1. Standards, Guidelines, Procedures, and Baselines
          2. 2.2.3.1.2. Roles and Responsibilities
        2. 2.2.3.2. Decomposing Confidentiality, Integrity, Availability, Identification, Authentication, Authorization, and Auditing into Secure Software Requirements
          1. 2.2.3.2.1. Confidentiality
          2. 2.2.3.2.2. Integrity
          3. 2.2.3.2.3. Availability
          4. 2.2.3.2.4. Authentication and Identification
          5. 2.2.3.2.5. Authorization
          6. 2.2.3.2.6. Auditing
        3. 2.2.3.3. Monitoring Internal and External Requirements
    3. 2.3. Identification of Data and Gathering of Threat Information
      1. 2.3.1. Data Classification
      2. 2.3.2. Use Cases
      3. 2.3.3. Abuse Cases
    4. 2.4. Summary
    5. 2.5. Assessment Questions
  8. 3. Secure Software Design
    1. 3.1. Design Processes
      1. 3.1.1. Attack Surface Evaluation
      2. 3.1.2. Threat Modeling
      3. 3.1.3. Control Identification
      4. 3.1.4. Control Prioritization
      5. 3.1.5. Documentation
    2. 3.2. Design Considerations
      1. 3.2.1. Confidentiality, Integrity, and Availability
        1. 3.2.1.1. Confidentiality
        2. 3.2.1.2. Integrity
        3. 3.2.1.3. Availability
      2. 3.2.2. Authentication, Authorization, and Auditing
        1. 3.2.2.1. Authentication
        2. 3.2.2.2. Authorization
        3. 3.2.2.3. Auditing
      3. 3.2.3. Security Design Principles
        1. 3.2.3.1. General Principle 1: Minimize the Number of High-Consequence Targets
          1. 3.2.3.1.1. Principle of Least Privilege
          2. 3.2.3.1.2. Principle of Separation of Privileges, Duties, and Roles
          3. 3.2.3.1.3. Principle of Separation of Domains
        2. 3.2.3.2. General Principle 2: Don't Expose Vulnerable or High-Consequence Components
          1. 3.2.3.2.1. Keep Program Data, Executables, and Program Control/Configuration Data Separated
          2. 3.2.3.2.2. Segregate Trusted Entities from Untrusted Entities
          3. 3.2.3.2.3. Minimize the Number of Entry and Exit Points into and out of Any Entity
          4. 3.2.3.2.4. Assume Environment Data Is Not Trustworthy
          5. 3.2.3.2.5. Use Only Safe Interfaces to Environment Resources
        3. 3.2.3.3. General Principle 3: Deny Attackers the Means to Compromise
          1. 3.2.3.3.1. Simplify the Design
          2. 3.2.3.3.2. Hold All Actors Accountable, Not Just Human Users
          3. 3.2.3.3.3. Avoid Timing, Synchronization, and Sequencing Issues
          4. 3.2.3.3.4. Make Secure States Easy to Enter and Vulnerable States Difficult to Enter
          5. 3.2.3.3.5. Design for Controllability
          6. 3.2.3.3.6. Design for Secure Failure
          7. 3.2.3.3.7. Design for Survivability
          8. 3.2.3.3.8. Do Not Trust Client-Originated Data
      4. 3.2.4. Security Design Patterns
      5. 3.2.5. Interconnectivity
      6. 3.2.6. Security Management Interfaces
      7. 3.2.7. Identity Management
    3. 3.3. Architecture
      1. 3.3.1. Distributed Computing
      2. 3.3.2. Service-Oriented Architecture
      3. 3.3.3. Rich Internet Applications
      4. 3.3.4. Pervasive Computing
      5. 3.3.5. Cloud Computing
      6. 3.3.6. Software-as-a-Service
      7. 3.3.7. Integration with Existing Architectures
    4. 3.4. Technologies
      1. 3.4.1. Authentication and Identity Management
        1. 3.4.1.1. Multi-factor Authentication
        2. 3.4.1.2. Federated Identity Management
      2. 3.4.2. Credential Management
      3. 3.4.3. Flow Control
      4. 3.4.4. Audit
      5. 3.4.5. Data Protection
        1. 3.4.5.1. Data Loss Prevention
        2. 3.4.5.2. Database Security
      6. 3.4.6. Computing Environment
        1. 3.4.6.1. Programming Languages
          1. 3.4.6.1.1. Managed Code
          2. 3.4.6.1.2. Unmanaged Code
        2. 3.4.6.2. Virtualization
        3. 3.4.6.3. Operating Systems
      7. 3.4.7. Digital Rights Management
      8. 3.4.8. Integrity
    5. 3.5. Design and Architecture Technical Review
    6. 3.6. Summary
    7. 3.7. Assessment Questions
  9. 4. Secure Software Implementation/Coding
    1. 4.1. Declarative versus Programmatic Security
      1. 4.1.1. Declarative Security
      2. 4.1.2. Programmatic Security
      3. 4.1.3. Code Access Security
    2. 4.2. Common Software Vulnerabilities and Countermeasures
      1. 4.2.1. Vulnerability Categories
        1. 4.2.1.1. CWE/SANS Top 25
        2. 4.2.1.2. OWASP Top Ten
      2. 4.2.2. Virtualization
      3. 4.2.3. Side-Channel
      4. 4.2.4. Embedded Systems
    3. 4.3. Defensive Coding Practices
    4. 4.4. Exception Handling
    5. 4.5. Configuration Management
    6. 4.6. Build Environment
    7. 4.7. Code/Peer Review
    8. 4.8. Code Analysis
      1. 4.8.1. Static Code Analysis
      2. 4.8.2. Dynamic Code Analysis
        1. 4.8.2.1. SAMATE
        2. 4.8.2.2. Support Tool Evaluation
      3. 4.8.3. Static Analysis Tools
        1. 4.8.3.1. Source Code Security Analyzers
        2. 4.8.3.2. Byte Code Scanners
        3. 4.8.3.3. Binary Code Scanners
          1. 4.8.3.3.1. Disassemblers
          2. 4.8.3.3.2. Decompilers
      4. 4.8.4. Dynamic Analysis Tools
      5. 4.8.5. Code Analysis in the SDL
    9. 4.9. Anti-tampering Techniques
      1. 4.9.1. Hardware-Based Protection
      2. 4.9.2. Software-Based Protection
        1. 4.9.2.1. Encryption Wrappers
        2. 4.9.2.2. Code Obfuscation
        3. 4.9.2.3. Software Watermarking and Fingerprinting
        4. 4.9.2.4. Guarding
    10. 4.10. Interface Coding
    11. 4.11. Summary
    12. 4.12. Assessment Questions
  10. 5. Secure Software Testing
    1. 5.1. Testing for Security Quality Assurance
      1. 5.1.1. Conformance Testing
      2. 5.1.2. Functional Testing
        1. 5.1.2.1. Logic Testing
      3. 5.1.3. Performance Testing
        1. 5.1.3.1. Stress Testing
      4. 5.1.4. Security Testing
        1. 5.1.4.1. Fault Injection
          1. 5.1.4.1.1. Source Code Fault Injection
          2. 5.1.4.1.2. Binary Fault Injection
        2. 5.1.4.2. Dynamic Code Analysis
        3. 5.1.4.3. Property-Based Testing
        4. 5.1.4.4. Black Box Debugging
      5. 5.1.5. Environment
        1. 5.1.5.1. Integration Testing
        2. 5.1.5.2. Interoperability Testing
      6. 5.1.6. Bug Tracking
      7. 5.1.7. Attack Surface Validation
    2. 5.2. Test Types
      1. 5.2.1. Testing Concepts
      2. 5.2.2. Penetration Testing
        1. 5.2.2.1. Legal and Ethical Implications
        2. 5.2.2.2. The Three Pre-test Phases
          1. 5.2.2.2.1. Footprinting
          2. 5.2.2.2.2. Scanning
          3. 5.2.2.2.3. Enumerating
        3. 5.2.2.3. Penetration Testing Tools and Techniques
          1. 5.2.2.3.1. Port Scanners
          2. 5.2.2.3.2. Vulnerability Scanners
          3. 5.2.2.3.3. Password Crackers
          4. 5.2.2.3.4. Trojan Horses
          5. 5.2.2.3.5. Buffer Overflows
          6. 5.2.2.3.6. SQL Injection Attack
          7. 5.2.2.3.7. Cross Site Scripting (XSS)
          8. 5.2.2.3.8. Social Engineering
          9. 5.2.2.3.9. Intrusion Detection System (IDS)
        4. 5.2.2.4. Wireless Network Penetration Testing
          1. 5.2.2.4.1. WLAN Vulnerabilities
          2. 5.2.2.4.2. Wireless Scanning Tools
        5. 5.2.2.5. Additional Penetration Testing Considerations
      3. 5.2.3. Fuzzing
      4. 5.2.4. Scanning
        1. 5.2.4.1. Identifying Active Machines
          1. 5.2.4.1.1. Traceroute
          2. 5.2.4.1.2. Ping
        2. 5.2.4.2. Discover Open Ports and Available Services
          1. 5.2.4.2.1. Port Scanning
          2. 5.2.4.2.2. Banner Grabbing
          3. 5.2.4.2.3. War Dialing and War Walking
        3. 5.2.4.3. Fingerprinting
          1. 5.2.4.3.1. Passive Fingerprinting
          2. 5.2.4.3.2. Active Fingerprinting
        4. 5.2.4.4. Mapping the Network
      5. 5.2.5. Simulation Testing
        1. 5.2.5.1. Simulation and the Computing Environment
        2. 5.2.5.2. Simulation and Data
        3. 5.2.5.3. Simulation in Load and Stress Tests
        4. 5.2.5.4. Quality Assurance Simulation Acceptance Testing
    3. 5.3. Testing for Failure
      1. 5.3.1. Software Failure Modes and Effects Analysis (SFMEA)
      2. 5.3.2. Bi-Directional Safety Analysis (BDSA)
      3. 5.3.3. Security Stress Testing
    4. 5.4. Cryptographic Validation
      1. 5.4.1. NIST Cryptographic Module Validation Program (CMVP)
    5. 5.5. Impact Assessment and Corrective Action
      1. 5.5.1. Risk Analysis Summary
        1. 5.5.1.1. Annualized Loss Expectancy
        2. 5.5.1.2. Typical Threats and Attacks
        3. 5.5.1.3. Impact Determination
        4. 5.5.1.4. Management Responsibilities in Risk Analysis Relating to Software Security Testing
        5. 5.5.1.5. Corrective Action and Mitigation
    6. 5.6. Standards for Software Quality Assurance
      1. 5.6.1. ISO 9126 Software Quality Model
      2. 5.6.2. SSE-CMM
      3. 5.6.3. OSSTMM
      4. 5.6.4. DIACAP
    7. 5.7. Regression Testing
    8. 5.8. Summary
    9. 5.9. Assessment Questions
  11. 6. Software Acceptance
    1. 6.1. Pre-release or Pre-deployment Activities
      1. 6.1.1. Completion Criteria
        1. 6.1.1.1. Software Disaster Recovery Plan
      2. 6.1.2. Risk Acceptance
        1. 6.1.2.1. Configuration Management
          1. 6.1.2.1.1. Primary Functions of Configuration Management
          2. 6.1.2.1.2. Definitions and Procedures
      3. 6.1.3. Business Continuity Planning and Disaster Recovery Planning
        1. 6.1.3.1. Business Continuity Planning
          1. 6.1.3.1.1. Goals and the BCP Process
          2. 6.1.3.1.2. Scope and Plan Initiation
          3. 6.1.3.1.3. Business Impact Assessment
          4. 6.1.3.1.4. Business Continuity Plan Development
          5. 6.1.3.1.5. Plan Approval and Implementation
          6. 6.1.3.1.6. Roles and Responsibilities
        2. 6.1.3.2. Disaster Recovery Planning
          1. 6.1.3.2.1. Developing the DRP
          2. 6.1.3.2.2. Determining Recovery Time Objectives
          3. 6.1.3.2.3. Establishing Backup Sites
          4. 6.1.3.2.4. Plan Testing
          5. 6.1.3.2.5. Implementing the Plan
    2. 6.2. Post-release Activities
      1. 6.2.1. Verification and Validation
      2. 6.2.2. Certification and Accreditation
        1. 6.2.2.1. International Organization for Standardization Certification
        2. 6.2.2.2. BITS Certification
        3. 6.2.2.3. ICSA Labs Antivirus Product Certification
        4. 6.2.2.4. Election Assistance Commission Certification
        5. 6.2.2.5. Defense Information Assurance Certification and Accreditation Process
        6. 6.2.2.6. Intelligence Community Directive 503
        7. 6.2.2.7. Federal Information Security Management Act
        8. 6.2.2.8. FIPS 199
        9. 6.2.2.9. Section 508 Compliance
        10. 6.2.2.10. FIPS 140 Certification
        11. 6.2.2.11. Certification and Accreditation (C&A) Transformation Initiative
      3. 6.2.3. Independent Testing
        1. 6.2.3.1. Independent Verification and Validation
        2. 6.2.3.2. Independent Security Testing
    3. 6.3. Summary
    4. 6.4. Assessment Questions
  12. 7. Software Deployment, Operations, and Maintenance
    1. 7.1. Installation and Deployment
      1. 7.1.1. Bootstrapping
      2. 7.1.2. Offline Environment
        1. 7.1.2.1. Trusted Platform Module
        2. 7.1.2.2. Cold Boot Attacks
      3. 7.1.3. Configuration Management
        1. 7.1.3.1. Hardening
        2. 7.1.3.2. Elevated Privileges
        3. 7.1.3.3. Platform Change
    2. 7.2. Operations and Maintenance
      1. 7.2.1. Resource Protection
      2. 7.2.2. Privileged Entity Protection
      3. 7.2.3. Categories of Operations Controls
    3. 7.3. Monitoring and Auditing
      1. 7.3.1. Monitoring
        1. 7.3.1.1. Cyber-Threat Analysis
        2. 7.3.1.2. Intrusion Detection
          1. 7.3.1.2.1. Network-Based ID
          2. 7.3.1.2.2. Host-Based ID
          3. 7.3.1.2.3. Signature-Based ID
          4. 7.3.1.2.4. Statistical Anomaly-Based ID
        3. 7.3.1.3. IDS Issues
        4. 7.3.1.4. Penetration Testing
        5. 7.3.1.5. Violation Analysis
      2. 7.3.2. Auditing
      3. 7.3.3. INCIDENT MANAGEMENT
        1. 7.3.3.1. Preparation
        2. 7.3.3.2. Detection and Analysis
        3. 7.3.3.3. Containment, Eradication, and Recovery
        4. 7.3.3.4. Post-Incident Activity
        5. 7.3.3.5. NIST Incident-Handling Summary
        6. 7.3.3.6. Internet Engineering Task Force Incident-Handling Guidelines
      4. 7.3.4. Layered Security and IDS
      5. 7.3.5. Computer Security and Incident Response Teams
        1. 7.3.5.1. CERT/CC
        2. 7.3.5.2. FedCIRC
        3. 7.3.5.3. Forum of Incident Response and Security Teams
      6. 7.3.6. Security Incident Notification Process
      7. 7.3.7. Automated Notice and Recovery Mechanisms
      8. 7.3.8. PROBLEM MANAGEMENT
        1. 7.3.8.1. Tools
        2. 7.3.8.2. Problem Management in Auditing
        3. 7.3.8.3. Root Cause Analysis
      9. 7.3.9. Maintenance
      10. 7.3.10. Patching
        1. 7.3.10.1. Patch Management Phases
    4. 7.4. END-O-LIFE POLICIES
      1. 7.4.1. Media Security Controls
        1. 7.4.1.1. Overwriting
        2. 7.4.1.2. Degaussing
        3. 7.4.1.3. Destruction
        4. 7.4.1.4. Record Retention
        5. 7.4.1.5. Data Remanence
        6. 7.4.1.6. Due Care and Due Diligence
        7. 7.4.1.7. Documentation Control
    5. 7.5. Summary
    6. 7.6. Assessment Questions
  13. A. Answers to Assessment Questions
    1. A.1. Chapter 1
    2. A.2. Chapter 2
    3. A.3. Chapter 3
    4. A.4. Chapter 4
    5. A.5. Chapter 5
    6. A.6. Chapter 6
    7. A.7. Chapter 7
  14. Glossary of Terms and Acronyms