Certified Information Systems Security Professional, CISSP, Part 6 of 9: Security Architecture and Apps
Interactive

Biz Library
Updated Jan 21, 2020

This course discusses security architecture and models. It starts with the common concerns about security within software, and with risk management and how it integrates. Next, it covers web applications and compliance with standards, and investigates database security issues. Finally, it covers the role of artificial intelligence and knowledge discovery, software development models, and change control processes. This course contains the following lessons:

Lesson 1:

  • ESA Definition
  • What Is Architecture?
  • Architecture Components
  • Objectives of Security Architecture
  • Technology Domain Modeling
  • Integrated Security is Designed Security
  • Security by Design.

Lesson 2:

  • Architectural Models
  • Virtual Machines
  • Cloud Computing.

Lesson 3:

  • Memory Types
  • Virtual Memory
  • Memory Management
  • Accessing Memory Securely
  • Different States and System Functionality
  • Types of Compromises
  • Disclosing Data in an Unauthorized Manner
  • Circumventing Access Controls
  • Attacks
  • Attack Type: Race Condition
  • Attack Type: Data Validation
  • Attacking Through Applications
  • Buffer Overflow
  • Attack Characteristics
  • Attack Types
  • More Attacks
  • Host Name Resolution Attacks
  • Even More Attacks
  • Watching Network Traffic
  • Traffic Analysis
  • Cell Phone Cloning and Illegal Activities
  • Summary.

Lesson 4:

  • How Did We Get Here
  • Device vs. Software Security
  • Why Are We Not Improving at a Higher Rate
  • Usual Trend of Dealing with Security
  • Where to Implement Security
  • The Objective
  • Systems Security
  • Systems Security
  • Programming Environment
  • Security of Embedded Systems.

Lesson 5:

  • SDLC
  • Integration of Risk Management into the SDLC
  • Development Methodologies
  • Maturity Models
  • Secure Programming
  • Programming Errors
  • Security Issues
  • Outsourced Development
  • Trusted Program Modules
  • Middleware.

Lesson 6:

  • OWASP Top Ten
  • Modularity of Objects
  • Object-Oriented Programming Characteristic
  • Module Characteristics
  • Linking Through COM
  • Mobile Code with Active Content
  • World Wide Web OLE
  • ActiveX Security
  • Java and Applets
  • Common Gateway Interface
  • Cookies
  • PCI Requirements
  • PA-DSS Requirements
  • Vendor-Supplied Software
  • Virtual Systems
  • Virtualization Types
  • Cloud Computing
  • Summary.