Phil Martin - Essential CSSLP Exam Guide Updated for the 2nd Edition

Author: Phil Martin
Publisher: Nonce Corp
Year: 2018
Genre: Computer / Science

Description

Essential CSSLP has been written with a single goal in mind: to present the CSSLP exam material in a way that is easy to absorb without leaving any content behind. Plenty of examples are included to drive the points home so that when it comes time to take the exam, you will be ready! This exam guide covers content for all eight domains, but instead of listing information in a dry, dull format, Essential CSSLP takes you through the content in a way that mirrors how we engineers work in the real world. After covering core security concepts that everyone should understand, the book then slices up the remaining content by roles: DevOps, Infrastructure, DBA, Development, Product, Architect, Engineering Manager, Testing, Project, Security, Change Management, and Auditor. This book will ensure you grasp every secure software concept in a fun and entertaining manner. Beyond simply passing the CSSLP exam, you will then be prepared to go out and create secure software on your own! This book is also available as an audio book read by the author.

ESSENTIAL

CSSLP

Exam Guide

Updated for the 2nd Edition

Phil Martin

Nearsighted Ninja

Nonce Corp is an independent entity from (ISC)² and is not affiliated with (ISC)² in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with (ISC)² in any manner. This publication may be used in assisting students to prepare for the Certified Secure Software Lifecycle Professional (CSSLP) exam. Neither (ISC)² nor Nonce Corp warrants that use of this publication will ensure passing any exam. CSSLP is a trademark or registered trademark of (ISC)². All other trademarks are trademarks of their respective owners.

Look for the audio version of this book on audible.com!

Essential CSSLP Exam Guide

Copyright 2018 by Nonce Corp. Printed in the United States of America. All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

All trademarks or copyrights mentioned herein are the possession of their respective owners and Nonce Corp makes no claim of ownership by the mention of products that contain these marks.

ISBN: 9781793828224

Information has been obtained by Nonce Corp from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Nonce Corp does not guarantee the accuracy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

About This Book

This book is divided into three sections:

Core Security Concepts , which covers security basics and sets the stage for the next section.

Secure Software Development , which introduces the 12 roles involved in the software development world as it relates to security. Under each role, we will discuss the various duties and responsibilities that role must deliver for us to achieve secure software.

Secure Supply Chain Management , which is focused on delivering secure software when it is partially or wholly outsourced to external contractors. It is a rare company that does not use contractors in some capacity, so this is a must-read section.


I have used several formatting conventions in this book to help you make sense of the content.

This is normal text.

This is a crucial word that helps make the text make sense.

This is a definition you should try and remember.

This is a topic that a previous sentence promised to cover.

This is a previously-mentioned topic AND a definition you should try and remember.

Introduction
What Does Secure Software Mean?

The phrase secure software means different things to various people. If you are a developer, then code snippets might start dancing around in your head. If you are an architect, visions of design patterns and technology platforms will probably begin to form. For product people, aligning to various security standards might come to mind, while infrastructure folks start dreaming of patches and intrusion detection systems.

The real answer is that all of those responses are correct from each person's point of view. Making software secure requires writing good code, implementing the right standards, hardening infrastructure and employing the best enterprise security patterns, plus a whole lot more. Slinging good code is just a part of the puzzle, albeit a major part.

So, what will this book do for you?

It will teach you how to document, design, implement, test, deploy, maintain and retire software in a secure manner.

In fact, it breaks content up into 12 different areas, because that is how many different roles are required to come together to roll out secure software.

Who Is the Typical Attacker?

Let's explore the statistical attributes of your average attacker; after all, the better you understand your opponent, the better equipped you will be to defeat them. Of course, I have a hidden agenda in this conversation that I will reveal at the end of this discussion.

In 2016 a fairly exhaustive effort was carried out by HackerOne to identify the makeup of hackers across the world. HackerOne helps to connect companies with hackers who can help expose vulnerabilities in the company's systems. The average hacker is a gray hat, somewhere between those who help out companies and people for good, called white hats, and those who sometimes walk on the dark side for fun and profit, commonly called black hats. The color of each hat is based on early westerns from the 1930s, in which the good guy normally dressed in white while the bad guys wore black. The gray hat reflects a combination of the two: when you mix white with black you get a shade of gray. In short, gray hats are more than willing to help companies find weaknesses, as long as there is some profit or fame to be gained. At other times, you would not want to meet this same character walking down a back alley in the Dark Net. It all depends on what color of hat he is currently wearing.

Here are some interesting details from that report about hackers:

  • The vast majority are under the age of 34
  • 72% hack for money
  • 70% also hack for fun
  • 66% thrive on the challenge alone
  • 50% claim to do good in the world through their hacking activities
  • The United States and Russia have the highest concentration of free-lance hackers
  • 17% use hacking as their sole source of income
  • 26% generate of their income from bug bounty programs (companies willing to pay for hackers to discover vulnerabilities in their software)
  • Hackers make anywhere from $20K to $350K from a single bug bounty program
  • 98% are male

While all of this is interesting, take special note of that last statistic: 98% of all hackers are male, as in he, not she. Why am I bringing this up? Because no one would ever accuse me of being a politically correct individual, and I am not going to follow the socially popular trend of representing attackers equally as both genders in this book. Until you write a book you will not appreciate how difficult it is to do such a thing. Therefore, when we discuss an attacker, it will always be a he, because that is what the facts overwhelmingly support. This book will focus on how to implement secure systems, and I will leave the social crusading to others.

Does this offend you? As that timeless philosopher once noted, "haters are going to hate." Besides, my end goal is to really tick off hackers anyway; after all, the whole point of this book is to beat them at their own game!

TLS vs. SSL

Secure Sockets Layer, or SSL, is no longer considered secure, so this book will refer only to Transport Layer Security, or TLS. Many books use the phrase TLS/SSL to refer to both, but there is absolutely no scenario in which SSL should be in use. Furthermore, when TLS is mentioned, I am referring to TLS 1.2 or better, as both TLS 1.0 and 1.1 have proven to be insecure (the IETF has since formally deprecated both in RFC 8996).
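What "TLS 1.2 or better" looks like in practice, as an added example that is not part of the book: the snippet below uses Python's standard ssl module to build a client context with the weak setting (protocol floor left to whatever the linked OpenSSL still supports) beside the hardened one (TLS 1.2 floor, certificate and hostname verification on), plus a small audit that reports why a context falls short. The function names (weak_client_context, hardened_client_context, audit_context, version_is_acceptable) are my own; the protocol name strings are the ones OpenSSL reports through ssl.SSLSocket.version().

```python
from __future__ import annotations

import ssl

# Protocol names as returned by ssl.SSLSocket.version() after a handshake.
ACCEPTABLE_VERSIONS = frozenset({"TLSv1.2", "TLSv1.3"})


def version_is_acceptable(negotiated: str) -> bool:
    """True only for TLS 1.2 or 1.3.  SSLv2/SSLv3, TLSv1, TLSv1.1 and any
    unrecognised string are rejected, so a downgraded connection fails closed."""
    return negotiated in ACCEPTABLE_VERSIONS


def weak_client_context() -> ssl.SSLContext:
    """The setting to avoid (example of the anti-pattern, not a recommendation):
    MINIMUM_SUPPORTED lets OpenSSL negotiate down to the oldest protocol the
    library was built with, which may include TLS 1.0/1.1."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Hardened setting: explicit TLS 1.2 floor on top of the secure defaults
    (CERT_REQUIRED, check_hostname=True, system CA store)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return human-readable findings; an empty list means the context meets
    the TLS-1.2-or-better bar and verifies the peer."""
    findings: list[str] = []
    # TLSVersion is an IntEnum, so MINIMUM_SUPPORTED (-2), SSLv3, TLSv1 and
    # TLSv1_1 all compare below TLSv1_2.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version is {ctx.minimum_version.name}; "
            "must be TLSv1_2 or higher"
        )
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
    for name in ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"):
        print(f"{name:8s} acceptable={version_is_acceptable(name)}")
```

Python 3.10 and later already default PROTOCOL_TLS_CLIENT contexts to a TLS 1.2 floor, but setting minimum_version explicitly keeps the intent visible in code review and survives older interpreters. Use the minimum_version property rather than the deprecated OP_NO_TLSv1 / OP_NO_TLSv1_1 option flags, and pair the configuration check with a post-handshake check of ssl.SSLSocket.version() so a misconfigured peer cannot quietly negotiate a legacy protocol.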
