parsonsisconsulting

Parsons Software Security Consulting Blog

CSSLP the beginning: What is secure software development?


So let's talk about what we are trying to accomplish by becoming a CSSLP. In order to be a CSSLP, you need to understand the basic concepts of software security.

  • Confidentiality – keeping sensitive data private.
  • Authentication – verifying that an entity is who it says it is.
  • Session management – HTTP is a stateless protocol, so state is usually managed with cookies. State and session data are sensitive.
  • Integrity – making sure the books stay straight and that data is not modified.
  • Authorization – the entity has the clearance to do what he or she is supposed to do, no more and no less. This also ties in with the principle of least privilege.
  • Exceptions management – the software system handles errors properly and maintains a fail-safe, secure state.
  • Availability – the software system is up and running when it needs to be, to support the business.
  • Auditing – the who, what, where and when questions about an activity.
  • Configuration management – making sure that vulnerabilities are not introduced into software systems when making changes.

 

 http://www.isc2.org

Matt Parsons, CISSP, MSM

 

 

 

mparsons@parsonsisconsulting.com

 

 

 

 

 

Written by mparsons1980

January 7, 2014 at 11:40 pm
