Application vulnerabilities continue to top the list of cyber security
concerns. While attackers and researchers continue to expose new
application vulnerabilities, the most common application flaws are
old, rediscovered ones. For example, SQL injection and
cross-site scripting (XSS) have appeared on the Open Web Application
Security Project (OWASP) Top 10 list year after year over the past
decade. This high volume of known application vulnerabilities suggests
that many development teams lack the security resources needed to
address all potential security flaws, and that there is a clear shortage of
qualified professionals with application security skills. Without action,
this soft underbelly of business and governmental entities has been, and will
continue to be, exposed with serious consequences: data breaches,
disrupted operations, lost business, brand damage, and regulatory fines.
This is why it is essential for software professionals to stay current
on the latest advances in software development and the new security
threats they create.
Recognized as one of the best application security tools available for
professionals involved in software development, the Official
(ISC)2® Guide to the CSSLP® CBK®,
Second Edition, is both up-to-date and relevant, reflecting the latest
developments in this ever-changing field and providing an intuitive
approach to the CSSLP Common Body of Knowledge (CBK). It provides a
robust and comprehensive study of the 8 domains of the CBK. Coverage
ranges from ensuring that software security requirements are included in
the software design phase, to programming concepts that can effectively
protect software from vulnerabilities, to proper testing of software for
security, to implementing industry standards and practices that provide a
high level of assurance that the supply chain is secure, both up-stream.
The book discusses the issues facing software professionals today, such as
mobile app development, developing in the cloud, software supply chain
risk management, and more.
Numerous illustrated examples and practical exercises are included in
this book to help the reader understand the concepts within the CBK and
to enable them to apply these concepts in real-life situations. Endorsed
by (ISC)2 and written and reviewed by CSSLPs and other
(ISC)2 members, this book serves as an unrivaled study tool
for the certification exam and an invaluable career reference. Earning
your CSSLP is an esteemed achievement that validates your efforts in
security leadership to help your organization build resilient software
capable of combating the security threats of today and tomorrow.