Parsons Software Security Consulting Blog

Official (ISC2) Guide to the CSSLP book review


Book Title: Official (ISC2) Guide to the CSSLP
Author: Mano Paul, CSSLP, CISSP
Publisher: CRC Press, Taylor and Francis Group, an Auerbach Book
Publication Year: 2011
ISBN-13: 978-1-4398-2006-5 (ebook PDF)
Number of Chapters: seven
Number of Pages: 521
Book Price: 47.94
Rating: Awesome resource

Review

I enjoyed reading the Official Guide to the CSSLP. I read it cover to cover, and with the practice questions and the CSSLP practice questions I feel adequately prepared for the CSSLP exam I am taking in a few months. I liked the fact that Michael Howard wrote the foreword. He is considered one of the pioneers in the application security space. I have read many of his books and blog posts cover to cover.

A few of my peers in the industry wrote essays to get their CSSLP. I have my CISSP after taking the exam and having the necessary work experience. I enjoyed the layout of The Official Guide to the CSSLP book because it covers all of the domains for the CSSLP. I really enjoyed the real life examples in the book. You can tell that the author has a lot of real world experience and did a lot of research to write this book. I noticed on Amazon the author wrote an updated version of the Official Guide to the CSSLP. I may purchase that one as well. It was 20 dollars more than the one I have. This book provides the foundation for a solid application security engineer by covering the topics of: secure software, secure software requirements, secure software design, secure implementation and coding, secure software testing, software acceptance, and finally software deployment, operations and disposal. The final chapter was most beneficial to me because I have the least experience in it. I enjoyed secure software testing, but much of it was content I was already aware of, being an ethical application penetration tester.

I like that ISC2 is creating this certification, as it validates the experience and credentials of application security engineers like me. I really, really enjoyed the diagrams in the book. They were easy to read and allowed me to visually look at the content. The core concepts of confidentiality, integrity and availability are drilled in this book. My only complaint is that there appears to be some duplicate content stressing the confidentiality, integrity and availability of software systems.

The references to all of the standards, including industry, government, international and national standards, were beneficial. You find that many of the standards have similar goals of keeping the confidentiality, integrity and availability of software applications. The only issue I have with these is that I am having a hard time remembering some of the different NIST certifications, as they differ only slightly in numbering. I hope that with the flash cards I create from the content of the book I can adequately remember the content and be able to pass the exam.

I was thrilled that the Open Web Application Security Project was mentioned multiple times in the book. I have been a long-time member and have read many of the documents created by OWASP. I am also a board member of OWASP Dallas and enjoy the mission and vision of OWASP: making applications more secure around the world.

I really enjoyed the review questions in this book. I imagine the new book has more updated review questions. I may have to buy that book just to get the new questions for the exam. The author has a lot of expertise in software security and put a lot of hard work into the book.



Matt Parsons, CISSP, MSM


Written by mparsons1980

February 10, 2014 at 6:59 pm

Posted in Uncategorized
