Description

Review essential software and systems security concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about software testing, encryption, and more.

Tags

Syllabus

Syllabus IntroductionSoftware and systems securityWhat you should knowStudy resources1. Software Development Life CycleSoftware platformsDevelopment methodologiesMaturity modelsChange managementDevOps and DevSecOps2. Software Assessment and TestingCode reviewSoftware testingCode testsFuzz testingInterface testingMisuse case testingTest coverage analysis3. Secure Coding Best PracticesInput validationParameterized queriesAuthentication and session management issuesData protectionOutput encodingError and exception handlingCode repositoriesCode signing4. Service Oriented ArchitectureSOAP and RESTSOA and microservices5. Secure Systems DesignOperating system typesData encryptionHardware and firmware securityPeripheral securityPhysical asset management6. Encryption and Certificate ManagementUnderstanding encryptionSymmetric and asymmetric cryptographyGoals of cryptographyChoosing encryption algorithmsKey exchangeDiffie-HellmanTrust modelsPKI and digital certificatesHash functionsDigital signaturesCreating a digital certificateRevoking a digital certificate7. Penetration TestingPlanning a penetration testDesigning penetration testsExploitation frameworksInterception proxiesPenetration test reportingTraining and exercises8. Reverse EngineeringReverse engineering softwareReverse engineering hardware9. VirtualizationVirtualizationDesktop and application virtualizationContainerization10. NetworkingSecurity zonesVLANsIsolating sensitive systemsVirtual private networks (VPNs)Software-defined networking11. Cloud ComputingWhat is the cloud?Cloud computing rolesCloud compute resourcesCloud storageCloud networkingCloud databasesCloud orchestrationCloud auditing tools12. Extending DefensesDeception technologiesConclusionNext steps Read more