Official (ISC)2 Guide to the CSSLP CBK

The text allows readers to learn about software security from a renowned security practitioner who is the appointed software assurance advisor for (ISC)2. Complete with numerous illustrations, it makes complex security concepts easy to understand and implement. In addition to being a valuable resource for those studying for the CSSLP examination, this book is also an indispensable software security reference for those already part of the certified elite. A robust and comprehensive appendix makes this book a time-saving resource for anyone involved in secure software development.

Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previous, rediscovered threats. For example, SQL injection and cross-site scripting (XSS) have appeared on the Open Web Application Security Project (OWASP) Top 10 list year after year over the past decade. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws and a clear shortage of qualified professionals with application security skills exists. Without action, this soft underbelly of business and governmental entities has and will continue to be exposed with serious consequences—data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create.

Recognized as one of the best application security tools available for professionals involved in software development, the Official (ISC)^2® Guide to the CSSLP^® CBK^®, Second Edition, is both up-to-date and relevant, reflecting the latest developments in this ever-changing field and providing an intuitive approach to the CSSLP Common Body of Knowledge (CBK). It provides a robust and comprehensive study of the 8 domains of the CBK, covering everything from ensuring software security requirements are included in the software design phase to programming concepts that can effectively protect software from vulnerabilities to addressing issues pertaining to proper testing of software for security, and implementing industry standards and practices to provide a high level of assurance that the supply chain is secure—both up-stream. The book discusses the issues facing software professionals today, such as mobile app development, developing in the cloud, software supply chain risk management, and more.

Numerous illustrated examples and practical exercises are included in this book to help the reader understand the concepts within the CBK and to enable them to apply these concepts in real-life situations. Endorsed by (ISC)² and written and reviewed by CSSLPs and other (ISC)² members, this book serves as an unrivaled study tool for the certification exam and an invaluable career reference. Earning your CSSLP is an esteemed achievement that validates your efforts in security leadership to help your organization build resilient software capable of combating the security threats of today and tomorrow.