- The core principles of confidentiality and availability
- The basics of accountability, including auditing and logging
- Least privilege
- Fail safes, including exception handling
- Leveraging existing components
- Eliminating single points of failure
Skill Level Intermediate
- [Jerod] Hi, I'm Jerod Brennen, and welcome to the first course in the CSSLP Cert Prep series. In this course, you'll be learning about the first domain in that cert: secure software concepts. I've been working in information security long enough to have earned every gray hair in my beard, and I love sharing what I've learned over the years to help you begin applying that same knowledge today. Since you're taking this course, I have a hunch that you're interested in learning how to secure applications. You may even be committed to becoming certified as an application security professional. My goal is to help you hit your goal, and I built this course to do just that. ISC-Squared is one of the most well-known certification bodies in the infosec space, and their CISSP certification is the most popular cert in the industry. Where the CISSP focuses on a broad body of infosec knowledge, ISC-Squared created the CSSLP to help security professionals vet their knowledge on application security in particular. When hiring managers are on the lookout for someone to help improve their organization's application security, the CSSLP cert will really stand out on a candidate's resume. As someone who's held multiple hiring manager roles throughout my career, I can attest to that firsthand. The CSSLP certification covers eight security domains that are directly relevant to application security. These domains cover everything from design considerations when planning to build your own apps, to ensuring that any commercial or open source apps that you're bringing into your environment have been built securely. This particular course focuses on that first domain, secure software concepts. Are you ready to begin learning about application security and the CSSLP certification? Good, let's get started.