Exam Objectives:

Domain 01: Secure Software Concepts

Domain 02: Secure Software Requirements

Domain 03: Secure Software Design

Domain 04: Secure Software Implementation/Programming

Domain 05: Secure Software Testing

Domain 06: Secure Lifecycle Management

Domain 07: Software Deployment, Operations, and Maintenance

Domain 08: Supply Chain Software Acquisition

Detailed Syllabus:

Domain 01: Secure Software Concepts

Core Concepts
Security Design Principles

Domain 02: Secure Software Requirements

Identify Security Requirements
Interpret Data Classification Requirements
Identify Privacy Requirements
Develop Misuse and Abuse Cases
Include Security in Software Requirement Specifications
Develop Security Requirement Traceability Matrix

Domain 03: Secure Software Design

Perform Threat Modeling
Define the Security Architecture
Perform Architectural Risk Assessment
Modeling (Non-Functional) Security Properties and Constraints
Model and Classify Data
Evaluate and Select Reusable Secure Design
Perform Design Security Review
Design Secure Assembly Architecture for Component-Based Systems
Use Security-Enhanced Architecture and Design Tools
Use Secure Design Principles and Patterns

Domain 04: Secure Software Implementation/Programming

Follow Secure Coding Practices
Analyze Code for Security Vulnerabilities
Implement Security Controls
Fix Security Vulnerabilities
Look for Malicious Code
Securely Reuse Third Party Code or Libraries
Securely Integrate Components
Apply Security during the Build Process
Debug Security Errors

Domain 05: Secure Software Testing

Develop Security Test Cases
Develop Security Testing Strategy and Plan
Identify Undocumented Functionality
Interpret Security Implications of Test Results
Classify and Track Security Errors
Secure Test Data
Develop or Obtain Security Test Data
Perform Verification and Validation Testing

Domain 06: Secure Lifecycle Management

Secure Configuration and Version Control
Establish Security Milestones
Choose a Secure Software Methodology
Identify Security Standards and Frameworks
Create Security Documentation
Develop Security Metrics
Decommission Software
Report Security Status
Support Governance, Risk, and Compliance (GRC)

Domain 07: Software Deployment, Operations, and Maintenance

Perform Implementation Risk Analysis
Release Software Securely
Securely Store and Manage Security Data
Ensure Secure Installation
Perform Post-Deployment Security Testing
Obtain Security Approval to Operate
Perform Security Monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
Support Incident Response
Support Patch and Vulnerability Management
Support Continuity of Operations

Domain 08: Supply Chain Software Acquisition

Analyze Security of Third Party Software
Verify Pedigree and Provenance
Provide Security Support to the Acquisition Process
