CSSLP 2024: Secure Software Testing

Skillsoft issued completion badges are earned based on viewing the percentage required or receiving a passing score when assessment is required. Domain 6 of the CSSLP, Secure Software Testing, contains some of the most stunningly creative topics in the entire curriculum. For example, fuzz testing has been used to uncover not just vulnerabilities, but even obscure undocumented functionality. In this course, you’ll learn how to contrast functional and non-functional security testing, white-box and black-box testing, while exploring testing environments in known and unknown configurations. Then, you’ll explore security standards and guidelines, including the OWASP Testing Guide, SEI CERT best practices, OSSTMM framework, and NISTIR 8397. Next, you’ll learn about vulnerability scanning and penetration testing, including attack surface validation, fuzz testing, simulation testing, and failure testing. You’ll analyze the importance of entropy in cryptographic validation, study pseudorandom number generators, and study the role of undocumented functionality in secure development. Finally, you’ll distinguish between defects, errors, and vulnerabilities, learn about CVSS scores, and review verification, validation, and acceptance testing techniques to ensure software quality and usability. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.