- Paperback: 672 pages
- Publisher: Wiley; 1 edition (August 24, 2009)
- Language: English
- ISBN-10: 047046190X
- ISBN-13: 978-0470461907
- Product Dimensions: 7.4 x 1.4 x 9.3 inches
- Shipping Weight: 2.2 pounds
- Average Customer Review: 7 customer reviews
- Amazon Best Sellers Rank: #2,610,072 in Books
The CSSLP Prep Guide: Mastering the Certified Secure Software Lifecycle Professional 1st Edition
From the Back Cover
A valuable resource for preparing to take the Certified Secure Software Lifecycle Professional (CSSLP)
The steady rise of losses incurred by organizations from both insider and outsider attacks can, in large part, be attributed to a grave lack of software security. This increased abuse of software vulnerabilities has prompted government-imposed regulatory and compliance requirements. Enter the CSSLP exam. As a natural complement to the Certified Information Systems Security Professional (CISSP) credential, the CSSLP is a globally recognized standard of achievement and establishes an industry standard regarding the holder's knowledge and understanding for applying best practices when delivering secure software. This essential guide prepares you for taking the CSSLP examination while enforcing the belief that secure software should be an integral part of the software lifecycle directly from conception.
Ronald L. Krutz and Alexander J. Fry walk you through the seven domains within the CSSLP's Common Body of Knowledge (CBK): secure software concepts, secure software requirements, secure software design, secure software implementation/coding, secure software testing, software acceptance, and lastly, software deployment, operations, maintenance, and disposal. They address the fundamental security concepts of confidentiality, integrity, availability, authentication, authorization, and auditing, and convey the key concepts and principles that the CSSLP embodies. The combination of this essential information along with hundreds of featured review questions thoroughly prepares you for taking the CSSLP examination.
The CSSLP Prep Guide covers vital topics in the area of software security in addition to imparting beneficial insight for taking the Certification exam, and covers topics such as:
- Translating security requirements into application design elements
- Testing for security functionality and resiliency to attacks
- Developing secure code
- Identifying and mitigating software security abuse
- Dealing with security implications during software development
- Countering the increasing threats against software vulnerabilities
About the Author
Ronald L. Krutz, PhD, PE, CISSP, ISSEP, is a senior information system security consultant. He has more than thirty years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training. He holds B.S., M.S., and Ph.D. degrees in electrical and computer engineering and is the author of bestselling texts in the area of information system security.
Alexander J. Fry, CSSLP, CISSP, ISSAP, ISSEP, LPT, is Principal Security Consultant at Strong Crypto LLC. He is active in the software assurance community and involved in web application security education and training.
Top customer reviews
The exam is filled with subjectivity as you really have to understand the mindset of the person writing the question as the answers are what is BEST or PRIMARY or MOST IMPORTANT OR MUST BE DONE and the book can't really prepare you for that.
It will still be used as an excellent piece of reference material for building the overall security program within my organization but if I didn't pass the exam I will wait for the ISC(2) book or take a boot camp class to prepare for the re-take.
The book came in great condition and cheap, covers a wide range of information even if it's not deep.
I would say the seller is great, fast shipment.
One would think that after reading the PREP books a few times, you would be confident to answer at least 70% of the questions. Not in this case. After sitting the exam, it turns out that you cannot directly find the answer from the book for most, if not all, of the questions. Like the review from another reviewer, this book CANNOT prepare you for the "MOST COMMON" or "FIRST THING TO DO", "LAST THING", "MOST EFFICIENT" kind of questions.
This book can be used as one of the reference materials. But if you do not have intensive security software development experience, please do not use this book as the sole study material. You will be overwhelmed in the exam.
Finally, the shortcoming of the book might not be the book itself, it might be the structure of the exam instead. I hope the coming Official ISC book will give more guidance and examples for further candidates and prep book authors.