
CSSLP - Certified Secure Software Lifecycle Professional (overview)

The following is an example of the secure software controls that should be considered throughout the life cycle of a software development project. Depending on the type of organization, some or all of these controls should be factored in. Military organizations generally need more stringent controls built in than civilian organizations do.

Security in the Systems Development Life Cycle
  • Requirements Gathering
    • Business Partner Engagement
    • Identify Policies & Standards
    • Identify Regulatory & Legal Requirements
    • Identify Privacy Requirements
    • Identify Compliance Requirements
    • Develop C, I, A* Goals & Objectives
    • Develop Procurement Requirements
    • Perform Risk Assessment
  • Design
    • Use and Abuse Case Modeling
    • Secure Design Review
    • Secure Architecture Review
    • Threat & Risk Modeling
    • Generate Security Requirements
    • Generate Security Test Cases
  • Development
    • Writing Secure Code
    • Security Code Review
    • Security Documentation
  • Testing
    • Security Testing
    • Redo Risk Assessment
  • Deployment
    • Secure Installation
    • Vulnerability Assessment
    • Penetration Testing
    • Security Certification & Accreditation
    • Risk Adjustments
  • Maintenance
    • Change Control
    • Configuration Control
    • Recertification & Reaccreditation
    • Incident Handling
    • Auditing
    • Continuous Monitoring
  • Disposal
    • Secure Archiving
    • Data Sanitization
    • Secure Disposal
    • Learn and Educate
Source: white paper "CSSLP - The Need for Secure Software".
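The Design-phase items "Use and Abuse Case Modeling" and "Generate Security Test Cases" feed directly into "Writing Secure Code" and "Security Testing" later in the list. The block below is an added illustration of that hand-off, written for this summary; it is not code from the CSSLP material or from any product. The `validate_username` control, the username rules it enforces, and the abuse cases in `ABUSE_CASES` are all constructed assumptions chosen to show the pattern: each abuse case records the misuse it models and whether the control must accept or reject it, and `run_abuse_cases` is the test-phase check that the control behaves as the design said it should.

```python
"""Added example: turning design-phase abuse cases into security test cases.

Illustration written for this summary, not code from the CSSLP material.
The control under test (validate_username), its rules and the abuse cases
are constructed; a real project derives them from its own threat model.
"""
import re
import unicodedata

# Design-phase requirement (constructed): usernames are 3..32 characters of
# ASCII letters, digits or underscore; no whitespace or control characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
MAX_INPUT_BYTES = 1024  # reject oversized input before any other processing


def validate_username(raw: str) -> str:
    """Development-phase control: canonicalise, then allow-list validate.

    Returns the accepted (canonical) username or raises ValueError.
    Rejecting here, before the value reaches a database, template or log,
    is the mitigation for the abuse cases listed below.
    """
    if not isinstance(raw, str):
        raise ValueError("username must be a string")
    # Size check first so a huge input never reaches the regex.
    if len(raw.encode("utf-8", "surrogatepass")) > MAX_INPUT_BYTES:
        raise ValueError("username too long")
    # NFKC folds look-alike forms (e.g. full-width letters) to ASCII, so the
    # allow-list below sees the same text the rest of the system will store.
    canonical = unicodedata.normalize("NFKC", raw)
    # fullmatch (rather than match/search with ^...$) refuses a trailing
    # newline, which "$" alone would silently allow.
    if not USERNAME_RE.fullmatch(canonical):
        raise ValueError("username contains disallowed characters")
    return canonical


# Abuse cases (constructed), written in the form the Design phase hands to
# Testing: an id, the misuse modelled, the input, and the required outcome.
ABUSE_CASES = [
    {"id": "AC-01", "misuse": "normal use", "input": "alice_01", "accept": True},
    {"id": "AC-02", "misuse": "SQL metacharacters in name", "input": "bob'; --", "accept": False},
    {"id": "AC-03", "misuse": "markup in name", "input": "<b>carol</b>", "accept": False},
    {"id": "AC-04", "misuse": "oversized input", "input": "A" * 5000, "accept": False},
    {"id": "AC-05", "misuse": "embedded newline (log injection)", "input": "dave\nadmin", "accept": False},
    {"id": "AC-06", "misuse": "trailing newline bypass of $", "input": "erin\n", "accept": False},
    {"id": "AC-07", "misuse": "full-width look-alike letters", "input": "\uff41\uff42\uff43", "accept": True},
    {"id": "AC-08", "misuse": "below minimum length", "input": "ab", "accept": False},
]


def run_abuse_cases(cases=ABUSE_CASES) -> dict:
    """Testing-phase control: run every abuse case against the control.

    Returns {case id: True if the control behaved as the design requires}.
    A False entry is a failed security test case that should block release.
    """
    results = {}
    for case in cases:
        try:
            validate_username(case["input"])
            accepted = True
        except ValueError:
            accepted = False
        results[case["id"]] = (accepted == case["accept"])
    return results


if __name__ == "__main__":
    for case_id, ok in run_abuse_cases().items():
        print(f"{case_id}: {'PASS' if ok else 'FAIL'}")
```

The cases that accept input are as important as the ones that reject it: AC-07 shows that canonicalisation happens before validation (the full-width letters are stored as plain `abc`), and a regression that skipped normalisation would surface as a failed case rather than as a silent bypass of the allow-list.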
