Protect Your Organization With the Certification That Maps to a Master's-Level Education in Software Assurance

Sponsored by the U.S. Department of Homeland Security (DHS), the Software Engineering Institute (SEI) at Carnegie Mellon University developed recommendations for a Master of Software Assurance degree program and for college- and community college-level courses specializing in software assurance. By creating course guidelines for teaching software assurance in a university program, SEI aims to meet the demand for industry practitioners educated in secure software development practices, who can enter the workforce with the knowledge and skills required to protect software systems from vulnerabilities and attacks.

Software Development for the Cyber World Requires Security Leaders

In today's cybersecurity threat landscape, software applications must not only function correctly; they must have security built in from the start. There is growing demand in the workforce across corporations, government, and military organizations for software assurance leaders with the knowledge and expertise to build secure, hacker-resistant applications.

Build a Team of CSSLP-Certified Software Professionals

(ISC)² Certified Secure Software Lifecycle Professional (CSSLP®) is the only certification designed to ensure that security is considered throughout the entire software development lifecycle. This industry-leading certification meets the highest standard of education and training, fully consistent with the graduate-level course curriculum in software assurance recommended by the Software Engineering Institute (SEI) at Carnegie Mellon University. (ISC)² is the global leader in information and application security credentials. Besides CSSLP certification, (ISC)² also offers a real-world training program that maps to the recommendations established by SEI for a master's-level degree in software assurance.
The CSSLP CBK (Common Body of Knowledge) education curriculum developed by (ISC)² contains the largest, most comprehensive collection of best practices, policies, and procedures to ensure a security initiative across all phases of application development, regardless of methodology. The CSSLP certification provides employers with industry-leading validation of an employee's professional expertise in secure software development practices.

For more information on CSSLP, visit: www.isc2.org/csslp. For information on the (ISC)² Global Academic Program, visit: www.isc2.org/academic. For more information on the SEI Software Assurance Curriculum Project, visit: www.cert.org/mswa.
Carnegie Mellon SEI Recommendations and Alignment With CSSLP Certification

The following charts detail how the CSSLP certification program aligns with SEI recommendations for a Master of Software Assurance degree program and for undergraduate and community college courses specializing in software assurance.

Master of Software Assurance Course Curriculum

Assured Software Development 1 (ASD1) Course

This course covers the fundamentals of incorporating assurance practices, methods, and technologies into software development and acquisition lifecycle processes and models. With this foundation, the course provides students with rigorous methods for eliciting software and system assurance requirements; using threat identification, characterization, and modeling; assurance risk assessment; and misuse/abuse cases. Students will also learn how to evaluate methods and environments for creating software and systems that meet their functionality and security requirements.

ASD1 Course Syllabus

Week 1: Software process overview: lifecycle processes, including spiral, waterfall, and agile, and their associated activities. Discuss the entire spectrum of lifecycle activities, including evolution.
Week 2: Discuss supply chain, acquisition, and service. Discuss Common Criteria.
Week 3: Introduce processes that are specific to software assurance, such as CLASP and Secure Tropos.
Week 4: Teach BSIMM, SAFECode, and OWASP best practices.
Week 5: Methods for evaluation of environments, languages, and tools.
Week 6: Teach quality factors and quality assessment methods as they relate to early lifecycle activities. Identify the different types of stakeholders and the likely developer roles.
Week 7: Teach practices that improve assurance at each lifecycle phase. Include requirements engineering, architecture, and design. Include coding, test, evolution, acquisition, and retirement. Teach practices such as threat modeling, assurance risk assessment, attack trees, and misuse and abuse cases (carries into the following week).
Week 8: Teach practices such as threat modeling, assurance risk assessment, attack trees, and misuse/abuse cases.
Week 9: Tools that can be used in the early lifecycle phases, either as part of a larger environment such as Rational or as standalone tools such as SQUARE.
Week 10: Teach a variety of elicitation methods, including those that are generic and those that are specific to security requirements.
Week 11: Ways of classifying or categorizing security requirements. How to distinguish requirements from architectural and design features and mechanisms.
Week 12: Requirements prioritization methods, including group methods, formal cost/benefit tradeoff analysis, and factoring risk into the tradeoff analysis process.
Week 13: Requirements peer reviews, inspections, and traceability of requirements to assets and security goals.

Assured Software Development 2 (ASD2) Course

This course covers rigorous methods for specifying assurance requirements and for architecting and designing software and systems to meet those requirements. Such methods include requirements specification; applying security principles; threat identification, characterization, and modeling; misuse/abuse cases; architectural risk analysis; architectural vulnerability assessment; and technology-specific security guidelines.

ASD2 Course Syllabus

Week 1: Concepts of the assured development lifecycle.
Week 2: Assurance issues in the front-end development life cycle (specification, architecture, design).
Week 3: Software development environments supporting specification, architecture, and high-level design.
Week 4: Tool support for assured software development.
Week 5: Languages review.
Week 6: Project constraint aspects: cost, schedule, functionality, and quality factors.
Week 7: Formal specification languages and technologies.
Week 8: Improvements in technologies to support specification, architecture, and high-level design.
Week 9: Architectural models and viewpoints.
Week 10: Architectural risk and tradeoff analysis.
Week 11: Methods and technologies for developing assured system and software specifications, architectures, and high-level designs.
Week 12: Design models and languages.
Week 13: Design validation and software inspections.

Assured Software Development 3 (ASD3) Course

This course covers rigorous methods, techniques, and tools for developing secure code. Such methods include code analysis for commonly known vulnerabilities, source code review using static analysis tools, and known, language-specific practices for producing secure code. This course also covers rigorous methods and tools for inspecting, testing, verifying, and validating software and systems to demonstrate that they meet functional and security requirements. Students will learn methods of verification and validation for security assurance and how security vulnerabilities can differ from programming errors. Team inspections and correctness verification methods will be covered. Testing techniques will include threat- and attack-based testing, functional testing, risk- and usage-based testing, stress testing, black- and white-box testing, and penetration testing.

ASD3 Course Syllabus

Week 1: Introduction: overview of vulnerabilities and their costs; properties of secure and resilient software.
Week 2: Vulnerabilities: CWE/SANS Top 25 Most Dangerous Programming Errors; security concepts.
Week 3: General strategies: security and resilience throughout the life cycle; attack surfaces and security perimeters; OWASP best practices.
Week 4: Development practices: best practices for requirements, architecture, and design (e.g., abuse/misuse cases, threat modeling, risk analysis, design reviews, defense in depth).
Week 5: Programming practices: OWASP Top 10 security risks; OWASP Enterprise Security API; cross-site scripting; injection attacks; authentication and session management.
Week 6: Memory management in C and C++: common memory management errors (buffer overflow, stack smashing); input validation.
Week 7: Strings, pointers, and integers: common string manipulation errors; integer overflow vulnerabilities; pointer subterfuge.
Week 8: Other vulnerabilities in C and C++: formatted I/O operations; file I/O race conditions (e.g., time-of-check/time-of-use, TOCTOU); other file system exploits.
Week 9: Inspections, proofs, and code reading: code-reading techniques; formal code inspections; program verification.
Week 10: Static analysis: types of static analysis; modern analysis tools (e.g., Coverity, Fortify).
Week 11: Testing: best practices for unit testing; penetration testing; fuzzing; overview of Common Criteria.
Week 12: Insecurities in Java and other languages: runtime environment; coding practices; overview of known vulnerabilities.
Week 13: Trends and resources: Comprehensive, Lightweight Application Security Process (CLASP); certificates and courses in security and software assurance (CSSLP, Associate of (ISC)², Official (ISC)² CSSLP Training Seminar).
Undergraduate Course Curriculum

Software Security Engineering

This course covers a range of topics that are relevant and tailored to software security engineering, including properties of secure software, requirements engineering, architecture and design, construction and testing, system integration/assembly, and governance and management. A summary of key practices and guidance on how to get started is provided. These are largely based on and inspired by material from the DHS Build Security In website [DHS 2010a].

Software Security Engineering Syllabus

Why is security a software issue? Understanding the problem (threats, sources, assurance versus security), detecting software defects early, introduction to key practices.
What makes software secure? Properties of secure software, defender and attacker perspectives, attack patterns, introduction to assurance evidence.
Security of Web applications: consideration of network-level attacks, cross-site scripting, SQL injection.
Requirements engineering for secure software: importance of requirements engineering, quality.
Security requirements engineering: Security Quality Requirements Engineering (SQUARE) introduction, two SQUARE case studies, SQUARE extensions, technology transition.
Secure software architecture and design: architectural risk analysis activities (including application of security principles and guidelines).
Considerations for secure coding and testing: introduction to practices (code analysis, code review, coding), software testing versus software security testing, security testing methods/techniques, testing throughout the software development life cycle (SDLC).
Security and complexity: system development challenges: security failures, perspectives for security analysis, complexity.
Governing and managing for more secure software: definitions and characteristics, risk management framework, project management security in the SDLC.
Getting started: determining where and how to begin, summary of key practices.
Community College Course Curriculum

Introduction to Assured Software Engineering

This course covers the basic principles and concepts of assured software engineering; system requirements; secure programming in the large; modeling and testing; object-oriented analysis and design using the UML; design patterns; frameworks and APIs; client-server architecture; user interface technology; and the analysis, design, and programming of extensible software systems.

Introduction to Assured Software Engineering Syllabus

Introduction to software project management: project planning, estimation, configuration management, risk management; and software security process models: Building Security In Maturity Model (BSIMM), OWASP Software Assurance Maturity Model (SAMM), Microsoft Software Development Lifecycle (SDL).
Role of assured software engineering: software engineering for assurance and its place as an engineering discipline.
Requirements analysis: requirements analysis for functional and quality requirements.
Introduction to software architecture: introduction to software architecture, including architectural patterns (pipe & filter, MVC), client-server computing.
Use and misuse cases: use cases, misuse cases, and user-centered design.
Design patterns: abstraction-occurrence, composite, player-role, singleton, observer, delegation, facade, adapter, etc.
UML: review of object-oriented principles, UML class diagrams, and object-oriented analysis.
Domain modeling: examples of building class diagrams to model various domains.
Reusable technologies: review of reusable technologies as a basis for software engineering, risks associated with reuse (e.g., Ariane).
Software behavior: representing software behavior: sequence diagrams, state machines, activity diagrams, correctness under all conditions of use.
Verification and validation: inspections and reviews; integration, system, and acceptance testing.
The cybersecurity workforce needs software assurance professionals with security expertise. Become a CSSLP and get the only certification that validates your application security competency throughout the software development lifecycle. CSSLP training programs are conveniently delivered online and in training locations worldwide.

For more information on CSSLP, visit: www.isc2.org/csslp. For information on the (ISC)² Global Academic Program, visit: www.isc2.org/academic. Follow us on Twitter (www.twitter.com/isc2) and Facebook (www.facebook.com/isc2fb).