You're reading from CCSP (ISC)2 Certified Cloud Security Professional Exam Guide Build your knowledge to pass the CCSP exam with expert guidance

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781838987664

Length 560 pages

Edition 1st Edition

Concepts

Cloud Security

Authors (2):

Omar A. Turner

Ms. Navya Lakshmana

View More author details

Table of Contents (27) Chapters

Preface

1. Chapter 1: Core Cloud Concepts

2. Chapter 2: Cloud Reference Architecture FREE CHAPTER

3. Chapter 3: Top Threats and Essential Cloud Security Concepts and Controls

4. Chapter 4: Design Principles for Secure Cloud Computing

5. Chapter 5: How to Evaluate Your Cloud Service Provider

6. Chapter 6: Cloud Data Security Concepts and Architectures

7. Chapter 7: Data Governance Essentials

8. Chapter 8: Essential Infrastructure and Platform Components for a Secure Data Center

9. Chapter 9: Analyzing Risks

10. Chapter 10: Security Control Implementation

11. Chapter 11: Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery

12. Chapter 12: Application Security

13. Chapter 13: Secure Software Development Life Cycle

14. Chapter 14: Assurance, Validation, and Verification in Security

15. Chapter 15: Application-Centric Cloud Architecture

16. Chapter 16: IAM Design

17. Chapter 17: Cloud Physical and Logical Infrastructure (Operationalization and Maintenance)

18. Chapter 18: International Operational Controls and Standards

19. Chapter 19: Digital Forensics

20. Chapter 20: Managing Communications

21. Chapter 21: Security Operations Center Management

22. Chapter 22: Legal Challenges and the Cloud

23. Chapter 23: Privacy and the Cloud

24. Chapter 24: Cloud Audit Processes and Methodologies

25. Chapter 25: Accessing the Online Practice Resources

26. Other Books You May Enjoy

Avoiding Vulnerable Code

Now that you have discovered how frameworks and models can be used to avoid vulnerable code, this section will reinforce some practical steps that can be undertaken to accomplish the same. The practical steps are as follows:

Integrate security concerns into each phase of the SDLC: Starting with the requirements collecting phase, security issues should be included in every phase of the SDLC. This guarantees that security threats are discovered and handled throughout the development process.
Use threat modeling with the STRIDE technique to detect potential security threats: Using the STRIDE methodology, the development team may determine the potential security dangers that the software could face such as spoofing, tampering, repudiation, information leakage, DoS, and elevation of privilege.
Apply mitigation techniques: Once the possible security threats have been identified, the development team can develop and apply mitigation techniques to mitigate...

The rest of the chapter is locked

You're reading from CCSP (ISC)2 Certified Cloud Security Professional Exam Guide Build your knowledge to pass the CCSP exam with expert guidance

Table of Contents (27) Chapters

Avoiding Vulnerable Code

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you