
Official (ISC)2 Guide to the CSSLP (ISC2 Press) Hardcover – 22 Jun 2011


About the Author

Manoranjan (Mano) Paul is the Software Assurance Advisor for the (ISC)2, the global leader in information security education and certification, representing and advising the organization on software assurance strategy, training, education and certification. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education.

Mr. Paul started his career as a shark researcher in the Bimini Biological Field Station, Bahamas. His educational pursuit took him to the University of Oklahoma where he received his Business Administration degree in Management Information Systems (MIS) with various accolades and the coveted 4.0 GPA. Following his entrepreneurial acumen, he founded and serves as the CEO & President of Express Certifications, a professional certification assessment and training company that developed studISCope, (ISC)2's official self assessment offering for prospective certification candidates. Express Certifications is also the self assessment testing company behind the US Department of Defense certification education program as mandated by the 8570.1 directive. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting.

Before Express Certifications and SecuRisk Solutions, Mr. Paul played several roles from software developer, quality assurance engineer, logistics manager, technical architect, IT strategist, and security engineer/program manager/strategist at Dell Inc. Mr. Paul is an appointed faculty member and Vice President of the Capitol of Texas Information System Security Association (ISSA) chapter. He is a contributing author for the Information Security Management Handbook, writes periodically for the Certification magazine and has contributed to security topics for the Microsoft Solutions Developer Network (MSDN). He has been featured in various domestic and international security conferences and is an invited speaker and panelist, delivering talks and keynotes in conferences such as the CSI (Computer Security Institute), Burton Group Catalyst, SC World Congress, TRISC (Texas Regional Infrastructure Security Conference) and OWASP. Mr. Paul holds the following professional certifications - CSSLP, CISSP, AMBCI, MCSD, MCAD, CompTIA Network+ and the ECSA certification.

Customer Reviews


Most Helpful Customer Reviews on (beta) 4.5 out of 5 stars 11 reviews
9 of 10 people found the following review helpful
5.0 out of 5 stars Very good support for CSSLP exam 31 Aug. 2011
By J.Blum - Published on
Format: Hardcover
To begin with, in my opinion this book is a good source for understanding the fundamentals of Secure Software Development. It is written in a very understandable way such that I believe that security professionals, developers, software architects, as well as IT managers could profit from reading it. The book, which comes to my regret without CD, is structured as follows (i.e., CSSLP domains):

1. Secure Software Concepts
Good explanation of standards, best practices, methodologies, and frameworks. Regulations and Trusted Computing Base (TCB) are very much like in the CISSP books.

2. Secure Software Requirements
Again good description of Authentication and Protection Needs Elicitation (PNE). Authorization is the same as for CISSP.

3. Secure Software Design
Threat Modeling, architecture, and technologies are very well laid out.

4. Secure Software Implementation
Development methodologies, vulnerabilities, and defensive techniques are thoroughly discussed. The complete list of OWASP vulnerabilities is shown and possible counter measures proposed. Personally, chapters 3 and 4 are the ones I appreciated the most in this book.

5. Secure Software Testing
Testing methods are listed in detail. Good part.

6. Software Acceptance
This chapter is mainly about Change Management and Intellectual Property Rights in all its flavours (again, the latter reminded me of CISSP CBK).

7. Software Deployment
Subjects like installation, maintenance, incident and problem management, and disposal are well addressed (parts of this content can be found in CISSP literature).

I recommend this book as an excellent reference guide for the CSSLP exam (but not necessarily for the Software Security domain as such...which may lead to a long discussion of real life vs certifications). I would have wished it to include a CD which makes it so much easier to search for keywords. I would guess that about half of this book's content is already covered by CISSP CBK. But this is due to (ISC)2's strategic decision and does not decrease my appreciation for the book in question.

In the meantime I passed the CSSLP test successfully and this book had been my only preparation item.
2 of 2 people found the following review helpful
5.0 out of 5 stars Good for passing CSSLP 17 Dec. 2012
By oedo808 - Published on
Format: Kindle Edition Verified Purchase
I read this and took the CSSLP exam back in July. I passed but they don't tell me what percentage it was. I thought the book was decent as an introduction although for the majority of the information you had to look up the many articles they referenced for a more detailed reference.
9 of 13 people found the following review helpful
2.0 out of 5 stars Forget it if you are looking for some material about secure development 10 April 2012
By Rodrigo Carvalho - Published on
Format: Hardcover
I bought this book thinking it would be good material to get deep knowledge about secure software development but I was disappointed.

As most material about secure development, the author can't separate what is relevant for developers and what is relevant for sysadmins. Even on the chapter about coding, there is plenty of information for sysadmins.

Additionally, I think the author doesn't have much broad knowledge about software development, only about Microsoft technologies. He uses Microsoft terminology even when the market commonly uses other terms. I also read the most absurd affirmation in this book: the author wrote that a version control system has to support file lock in order to prevent that 2 developers don't alter the same file at the same time. WTF?! I don't know if Paul Mano never coded in an agile project or if he was protecting the interests of Microsoft (both SourceSafe and TFS lock files).

To complete, there are some themes addressed that have nothing to do with the objective of the book. For example, tips about logging out from web applications and cleaning the cookies (these tips are supposed to be targeted to users) and a session about copyright and patents (the author forgot to explain why he was writing about it in a book about security).

Nevertheless, the book is not all bad (that is why I'm giving 2 stars) but I don't recommend it and I'm still searching for better material to software developers interested in application security.
1 of 1 people found the following review helpful
5.0 out of 5 stars Great IT Security Reference Book 8 April 2013
By Todd - Published on
Format: Kindle Edition Verified Purchase
Paul Mano does a great job with presenting software life cycle development for security in a way that doesn't leave you wishing you had more information. It is all relative and up to date. Plus, his writing skills are impeccable, making the information entertaining. After personally meeting this guy and hearing him speak, I can assure you he is worth reading when it comes to preparing for the CSSLP certification or just to keep as a research guide.
1 of 1 people found the following review helpful
4.0 out of 5 stars Best Available CSSLP book 17 Aug. 2014
By Steven M. Leydorf - Published on
Format: Hardcover Verified Purchase
The best of the bunch of books that I studied for the CSSLP. Problem with the CSSLP is that it is ill defined as to what will be covered, and so every book is really different. That gives the applicant a bad feeling.