book

The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional

Name: The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional
ISBN: 9780470461907

by Ronald L. Krutz, Alexander J. Fry

August 2009

Intermediate to advanced

664 pages

17h 10m

English

Wiley

Read now

Unlock full access

Copyright
About the Authors
Credits
Acknowledgments
Introduction
CSSLP DomainsRequirementsThe Approach of this BookHow this Book Is OrganizedCD-ROMWho Should Read this Book
1. Secure Software Concepts
1.1. Confidentiality, Integrity, and Availability1.1.1. Confidentiality1.1.2. Integrity1.1.3. Availability1.2. Authentication, Authorization, Auditing, and Accountability1.2.1. Authentication1.2.2. Authorization1.2.3. Auditing1.2.4. Accountability1.3. Security Design Principles1.3.1. Least Privilege1.3.2. Separation of Duties1.3.3. Defense in Depth1.3.4. Fail Safe1.3.5. Economy of Mechanism1.3.6. Complete Mediation1.3.7. Open Design1.3.8. Least Common Mechanism1.3.9. Psychological Acceptability1.3.10. Weakest Link1.3.11. Leveraging Existing Components1.4. Risk Management1.4.1. Information System Risk Management1.4.1.1. The Risk Assessment Process1.4.1.1.1. System Characterization1.4.1.1.2. Threat Identification1.4.1.1.3. Vulnerability Identification1.4.1.1.4. Control Analysis1.4.1.1.5. Likelihood Determination1.4.1.1.6. Impact Analysis1.4.1.1.7. Risk Determination1.4.1.1.8. Control Recommendations1.4.1.1.9. Results Documentation1.4.1.2. Risk Mitigation1.4.1.2.1. Risk Mitigation Options1.4.1.2.2. Categories of Controls1.4.1.2.3. Determination of Residual Risk1.4.1.3. Personnel Involved in the Risk Management Process1.4.2. Software Security Risk Management Concepts1.4.2.1. Microsoft Security Risk Management Discipline (SRMD)1.4.2.2. LeGrand Vulnerability-Oriented Risk Management1.4.2.3. Morana Risk Management Activities1.4.2.4. Cigital Risk Management Method1.4.3. Risk Management and Assurance Activities in the SDLC1.4.3.1. System Development Life Cycle1.4.3.2. Incorporating Risk Management into the SDLC1.4.3.3. Incorporating Assurance in the SDLC1.5. Regulations, Privacy, and Compliance1.5.1. FISMA1.5.1.1. FISMA Performance Requirements1.5.1.2. Identification of Information Types1.5.2. Information Privacy and Privacy Laws1.5.2.1. Privacy Policy1.5.2.2. Privacy-Related Legislation and Guidelines1.5.3. Sarbanes-Oxley1.5.4. Gramm-Leach-Bliley1.5.5. HIPAA1.5.5.1. HIPAA Final Security Rule1.5.5.2. HIPAA Final Privacy Rule1.5.6. PCI Data Security Standard1.6. Software Architecture1.6.1. Software Architecture Definitions1.6.2. Software Architecture Styles1.6.3. Software Architecture Assurance1.7. Software Development Methodologies1.7.1. Software Development Life Cycle Characteristics1.7.2. Microsoft Trustworthy Security Development Life Cycle1.7.2.1. Microsoft Software Development Baseline Process1.7.2.2. Microsoft Trustworthy Security Development Life Cycle (SDL) Principles and Model1.7.3. CLASP1.7.3.1. CLASP Views1.7.3.2. CLASP Resources1.7.3.3. Vulnerability Use Cases1.7.4. Seven Touchpoints for Software Security1.7.5. TSP-Secure1.8. Intellectual Property and Privacy Legal Issues1.8.1. Intellectual Property Law1.8.1.1. Patent1.8.1.2. Copyright1.8.1.3. Trade Secret1.8.1.4. Trademark1.8.1.5. Warranty1.8.2. Information Privacy Principles1.8.2.1. European Union (EU) Principles1.8.2.2. Health Care–Related Privacy Issues1.8.2.3. Platform for Privacy Preferences (P3P)1.9. Standards and Guidelines1.9.1. ISO 27000 Series1.9.1.1. ISO 270011.9.1.2. ISO 270021.9.1.3. ISO 270031.9.1.4. ISO 270041.9.1.5. ISO 270051.9.1.6. ISO 270061.9.2. OWASP Top Ten Project1.9.3. OWASP Development Guide1.9.4. OWASP Code Review Guide1.9.5. OWASP Testing Guide1.10. Information Security Models1.10.1. Access Control Models1.10.1.1. Access Matrix1.10.1.2. Take-Grant Model1.10.1.3. Bell-LaPadula Model1.10.2. Integrity Models1.10.2.1. Biba Integrity Model1.10.2.2. Clark-Wilson Model1.10.3. Information Flow Models1.10.3.1. Non-interference Model1.10.3.2. Chinese Wall Model1.10.4. Composition Theories1.10.5. Systems Security Engineering Capability Maturity Model (SSE-CMM)1.11. Trusted Computing1.11.1. TCG Elements1.11.1.1. Trusted Platform Modules1.11.1.2. TCG Software Stack1.11.1.3. Trusted Network Connect1.11.2. Trusted Computing Base (TCB)1.12. Acquisition Assurance Issues1.12.1. Phases of the Acquisition Process1.12.2. Measures in the Software Assurance Acquisition Process1.12.3. Additional Software Acquisition Assurance Issues1.13. Summary1.14. Assessment Questions
2. Secure Software Requirements
2.1. Approaches to Software Requirements Engineering2.2. Security Policy Decomposition2.2.1. Considerations in the SDLC2.2.2. NIST 33 Security Principles2.2.3. Information Security Policy Implementation and Decomposition2.2.3.1. Policies, Standards, Guidelines, and Procedures2.2.3.1.1. Standards, Guidelines, Procedures, and Baselines2.2.3.1.2. Roles and Responsibilities2.2.3.2. Decomposing Confidentiality, Integrity, Availability, Identification, Authentication, Authorization, and Auditing into Secure Software Requirements2.2.3.2.1. Confidentiality2.2.3.2.2. Integrity2.2.3.2.3. Availability2.2.3.2.4. Authentication and Identification2.2.3.2.5. Authorization2.2.3.2.6. Auditing2.2.3.3. Monitoring Internal and External Requirements2.3. Identification of Data and Gathering of Threat Information2.3.1. Data Classification2.3.2. Use Cases2.3.3. Abuse Cases2.4. Summary2.5. Assessment Questions
3. Secure Software Design
3.1. Design Processes3.1.1. Attack Surface Evaluation3.1.2. Threat Modeling3.1.3. Control Identification3.1.4. Control Prioritization3.1.5. Documentation3.2. Design Considerations3.2.1. Confidentiality, Integrity, and Availability3.2.1.1. Confidentiality3.2.1.2. Integrity3.2.1.3. Availability3.2.2. Authentication, Authorization, and Auditing3.2.2.1. Authentication3.2.2.2. Authorization3.2.2.3. Auditing3.2.3. Security Design Principles3.2.3.1. General Principle 1: Minimize the Number of High-Consequence Targets3.2.3.1.1. Principle of Least Privilege3.2.3.1.2. Principle of Separation of Privileges, Duties, and Roles3.2.3.1.3. Principle of Separation of Domains3.2.3.2. General Principle 2: Don't Expose Vulnerable or High-Consequence Components3.2.3.2.1. Keep Program Data, Executables, and Program Control/Configuration Data Separated3.2.3.2.2. Segregate Trusted Entities from Untrusted Entities3.2.3.2.3. Minimize the Number of Entry and Exit Points into and out of Any Entity3.2.3.2.4. Assume Environment Data Is Not Trustworthy3.2.3.2.5. Use Only Safe Interfaces to Environment Resources3.2.3.3. General Principle 3: Deny Attackers the Means to Compromise3.2.3.3.1. Simplify the Design3.2.3.3.2. Hold All Actors Accountable, Not Just Human Users3.2.3.3.3. Avoid Timing, Synchronization, and Sequencing Issues3.2.3.3.4. Make Secure States Easy to Enter and Vulnerable States Difficult to Enter3.2.3.3.5. Design for Controllability3.2.3.3.6. Design for Secure Failure3.2.3.3.7. Design for Survivability3.2.3.3.8. Do Not Trust Client-Originated Data3.2.4. Security Design Patterns3.2.5. Interconnectivity3.2.6. Security Management Interfaces3.2.7. Identity Management3.3. Architecture3.3.1. Distributed Computing3.3.2. Service-Oriented Architecture3.3.3. Rich Internet Applications3.3.4. Pervasive Computing3.3.5. Cloud Computing3.3.6. Software-as-a-Service3.3.7. Integration with Existing Architectures3.4. Technologies3.4.1. Authentication and Identity Management3.4.1.1. Multi-factor Authentication3.4.1.2. Federated Identity Management3.4.2. Credential Management3.4.3. Flow Control3.4.4. Audit3.4.5. Data Protection3.4.5.1. Data Loss Prevention3.4.5.2. Database Security3.4.6. Computing Environment3.4.6.1. Programming Languages3.4.6.1.1. Managed Code3.4.6.1.2. Unmanaged Code3.4.6.2. Virtualization3.4.6.3. Operating Systems3.4.7. Digital Rights Management3.4.8. Integrity3.5. Design and Architecture Technical Review3.6. Summary3.7. Assessment Questions
4. Secure Software Implementation/Coding
4.1. Declarative versus Programmatic Security4.1.1. Declarative Security4.1.2. Programmatic Security4.1.3. Code Access Security4.2. Common Software Vulnerabilities and Countermeasures4.2.1. Vulnerability Categories4.2.1.1. CWE/SANS Top 254.2.1.2. OWASP Top Ten4.2.2. Virtualization4.2.3. Side-Channel4.2.4. Embedded Systems4.3. Defensive Coding Practices4.4. Exception Handling4.5. Configuration Management4.6. Build Environment4.7. Code/Peer Review4.8. Code Analysis4.8.1. Static Code Analysis4.8.2. Dynamic Code Analysis4.8.2.1. SAMATE4.8.2.2. Support Tool Evaluation4.8.3. Static Analysis Tools4.8.3.1. Source Code Security Analyzers4.8.3.2. Byte Code Scanners4.8.3.3. Binary Code Scanners4.8.3.3.1. Disassemblers4.8.3.3.2. Decompilers4.8.4. Dynamic Analysis Tools4.8.5. Code Analysis in the SDL4.9. Anti-tampering Techniques4.9.1. Hardware-Based Protection4.9.2. Software-Based Protection4.9.2.1. Encryption Wrappers4.9.2.2. Code Obfuscation4.9.2.3. Software Watermarking and Fingerprinting4.9.2.4. Guarding4.10. Interface Coding4.11. Summary4.12. Assessment Questions
5. Secure Software Testing
5.1. Testing for Security Quality Assurance5.1.1. Conformance Testing5.1.2. Functional Testing5.1.2.1. Logic Testing5.1.3. Performance Testing5.1.3.1. Stress Testing5.1.4. Security Testing5.1.4.1. Fault Injection5.1.4.1.1. Source Code Fault Injection5.1.4.1.2. Binary Fault Injection5.1.4.2. Dynamic Code Analysis5.1.4.3. Property-Based Testing5.1.4.4. Black Box Debugging5.1.5. Environment5.1.5.1. Integration Testing5.1.5.2. Interoperability Testing5.1.6. Bug Tracking5.1.7. Attack Surface Validation5.2. Test Types5.2.1. Testing Concepts5.2.2. Penetration Testing5.2.2.1. Legal and Ethical Implications5.2.2.2. The Three Pre-test Phases5.2.2.2.1. Footprinting5.2.2.2.2. Scanning5.2.2.2.3. Enumerating5.2.2.3. Penetration Testing Tools and Techniques5.2.2.3.1. Port Scanners5.2.2.3.2. Vulnerability Scanners5.2.2.3.3. Password Crackers5.2.2.3.4. Trojan Horses5.2.2.3.5. Buffer Overflows5.2.2.3.6. SQL Injection Attack5.2.2.3.7. Cross Site Scripting (XSS)5.2.2.3.8. Social Engineering5.2.2.3.9. Intrusion Detection System (IDS)5.2.2.4. Wireless Network Penetration Testing5.2.2.4.1. WLAN Vulnerabilities5.2.2.4.2. Wireless Scanning Tools5.2.2.5. Additional Penetration Testing Considerations5.2.3. Fuzzing5.2.4. Scanning5.2.4.1. Identifying Active Machines5.2.4.1.1. Traceroute5.2.4.1.2. Ping5.2.4.2. Discover Open Ports and Available Services5.2.4.2.1. Port Scanning5.2.4.2.2. Banner Grabbing5.2.4.2.3. War Dialing and War Walking5.2.4.3. Fingerprinting5.2.4.3.1. Passive Fingerprinting5.2.4.3.2. Active Fingerprinting5.2.4.4. Mapping the Network5.2.5. Simulation Testing5.2.5.1. Simulation and the Computing Environment5.2.5.2. Simulation and Data5.2.5.3. Simulation in Load and Stress Tests5.2.5.4. Quality Assurance Simulation Acceptance Testing5.3. Testing for Failure5.3.1. Software Failure Modes and Effects Analysis (SFMEA)5.3.2. Bi-Directional Safety Analysis (BDSA)5.3.3. Security Stress Testing5.4. Cryptographic Validation5.4.1. NIST Cryptographic Module Validation Program (CMVP)5.5. Impact Assessment and Corrective Action5.5.1. Risk Analysis Summary5.5.1.1. Annualized Loss Expectancy5.5.1.2. Typical Threats and Attacks5.5.1.3. Impact Determination5.5.1.4. Management Responsibilities in Risk Analysis Relating to Software Security Testing5.5.1.5. Corrective Action and Mitigation5.6. Standards for Software Quality Assurance5.6.1. ISO 9126 Software Quality Model5.6.2. SSE-CMM5.6.3. OSSTMM5.6.4. DIACAP5.7. Regression Testing5.8. Summary5.9. Assessment Questions

6. Software Acceptance
6.1. Pre-release or Pre-deployment Activities6.1.1. Completion Criteria6.1.1.1. Software Disaster Recovery Plan6.1.2. Risk Acceptance6.1.2.1. Configuration Management6.1.2.1.1. Primary Functions of Configuration Management6.1.2.1.2. Definitions and Procedures6.1.3. Business Continuity Planning and Disaster Recovery Planning6.1.3.1. Business Continuity Planning6.1.3.1.1. Goals and the BCP Process6.1.3.1.2. Scope and Plan Initiation6.1.3.1.3. Business Impact Assessment6.1.3.1.4. Business Continuity Plan Development6.1.3.1.5. Plan Approval and Implementation6.1.3.1.6. Roles and Responsibilities6.1.3.2. Disaster Recovery Planning6.1.3.2.1. Developing the DRP6.1.3.2.2. Determining Recovery Time Objectives6.1.3.2.3. Establishing Backup Sites6.1.3.2.4. Plan Testing6.1.3.2.5. Implementing the Plan6.2. Post-release Activities6.2.1. Verification and Validation6.2.2. Certification and Accreditation6.2.2.1. International Organization for Standardization Certification6.2.2.2. BITS Certification6.2.2.3. ICSA Labs Antivirus Product Certification6.2.2.4. Election Assistance Commission Certification6.2.2.5. Defense Information Assurance Certification and Accreditation Process6.2.2.6. Intelligence Community Directive 5036.2.2.7. Federal Information Security Management Act6.2.2.8. FIPS 1996.2.2.9. Section 508 Compliance6.2.2.10. FIPS 140 Certification6.2.2.11. Certification and Accreditation (C&A) Transformation Initiative6.2.3. Independent Testing6.2.3.1. Independent Verification and Validation6.2.3.2. Independent Security Testing6.3. Summary6.4. Assessment Questions
7. Software Deployment, Operations, and Maintenance
7.1. Installation and Deployment7.1.1. Bootstrapping7.1.2. Offline Environment7.1.2.1. Trusted Platform Module7.1.2.2. Cold Boot Attacks7.1.3. Configuration Management7.1.3.1. Hardening7.1.3.2. Elevated Privileges7.1.3.3. Platform Change7.2. Operations and Maintenance7.2.1. Resource Protection7.2.2. Privileged Entity Protection7.2.3. Categories of Operations Controls7.3. Monitoring and Auditing7.3.1. Monitoring7.3.1.1. Cyber-Threat Analysis7.3.1.2. Intrusion Detection7.3.1.2.1. Network-Based ID7.3.1.2.2. Host-Based ID7.3.1.2.3. Signature-Based ID7.3.1.2.4. Statistical Anomaly-Based ID7.3.1.3. IDS Issues7.3.1.4. Penetration Testing7.3.1.5. Violation Analysis7.3.2. Auditing7.3.3. INCIDENT MANAGEMENT7.3.3.1. Preparation7.3.3.2. Detection and Analysis7.3.3.3. Containment, Eradication, and Recovery7.3.3.4. Post-Incident Activity7.3.3.5. NIST Incident-Handling Summary7.3.3.6. Internet Engineering Task Force Incident-Handling Guidelines7.3.4. Layered Security and IDS7.3.5. Computer Security and Incident Response Teams7.3.5.1. CERT/CC7.3.5.2. FedCIRC7.3.5.3. Forum of Incident Response and Security Teams7.3.6. Security Incident Notification Process7.3.7. Automated Notice and Recovery Mechanisms7.3.8. PROBLEM MANAGEMENT7.3.8.1. Tools7.3.8.2. Problem Management in Auditing7.3.8.3. Root Cause Analysis7.3.9. Maintenance7.3.10. Patching7.3.10.1. Patch Management Phases7.4. END-O-LIFE POLICIES7.4.1. Media Security Controls7.4.1.1. Overwriting7.4.1.2. Degaussing7.4.1.3. Destruction7.4.1.4. Record Retention7.4.1.5. Data Remanence7.4.1.6. Due Care and Due Diligence7.4.1.7. Documentation Control7.5. Summary7.6. Assessment Questions
A. Answers to Assessment Questions
A.1. Chapter 1A.2. Chapter 2A.3. Chapter 3A.4. Chapter 4A.5. Chapter 5A.6. Chapter 6A.7. Chapter 7
Glossary of Terms and Acronyms

Content preview from The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional

Chapter 2. Secure Software Requirements

The requirements for secure software are concerned with nonfunctional issues such as minimizing or eliminating vulnerabilities and ensuring that the software will perform as required, even under attack. This goal is distinct from security functionality in software, which addresses areas that derive from the information security policy, such as identification, authentication, and authorization.

Software requirements engineering is the process of determining customer software expectations and needs and is conducted before the software design phase. The requirements have to be unambiguous, correct, quantifiable, and detailed.

Karen Goertzel, Theodore Winograd, and their contributors in "Enhancing the Development Life Cycle to Produce Secure Software"^[19] from the United States Department of Defense Data and Analysis Center for Software (DACS) state that all software shares the following three security needs:

It must be dependable under anticipated operating conditions, and remain dependable under hostile operating conditions.
It must be trustworthy in its own behavior, and in its inability to be compromised by an attacker through exploitation of vulnerabilities or insertion of malicious code.
It must be resilient enough to recover quickly to full operational capability with a minimum of damage to itself, the resources and data it handles, and the external components with which it interacts.

In this chapter, the considerations for software being secure ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

Publisher Resources

ISBN: 9780470461907Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional

by Ronald L. Krutz, Alexander J. Fry

Chapter 2. Secure Software Requirements

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.