Official (ISC)2 Guide to the CSSLP (ISC2 Press) Hardcover – 22 Jun 2011
About the Author
Manoranjan (Mano) Paul is the Software Assurance Advisor for the (ISC)2, the global leader in information security education and certification, representing and advising the organization on software assurance strategy, training, education and certification. His information security and software assurance experience includes designing and developing security programs from compliance-to-coding, security in the SDLC, writing secure code, risk management, security strategy, and security awareness training and education.
Mr. Paul started his career as a shark researcher in the Bimini Biological Field Station, Bahamas. His educational pursuit took him to the University of Oklahoma, where he received his Business Administration degree in Management Information Systems (MIS) with various accolades and the coveted 4.0 GPA. Following his entrepreneurial acumen, he founded and serves as the CEO & President of Express Certifications, a professional certification assessment and training company that developed studISCope, (ISC)2's official self-assessment offering for prospective certification candidates. Express Certifications is also the self-assessment testing company behind the US Department of Defense certification education program as mandated by the 8570.1 directive. He also founded SecuRisk Solutions, a company that specializes in security product development and consulting.
Before Express Certifications and SecuRisk Solutions, Mr. Paul played several roles from software developer, quality assurance engineer, logistics manager, technical architect, IT strategist, and security engineer/program manager/strategist at Dell Inc. Mr. Paul is an appointed faculty member and Vice President of the Capitol of Texas Information System Security Association (ISSA) chapter. He is a contributing author for the Information Security Management Handbook, writes periodically for the Certification magazine and has contributed to security topics for the Microsoft Solutions Developer Network (MSDN). He has been featured in various domestic and international security conferences and is an invited speaker and panelist, delivering talks and keynotes in conferences such as the CSI (Computer Security Institute), Burton Group Catalyst, SC World Congress, TRISC (Texas Regional Infrastructure Security Conference) and OWASP. Mr. Paul holds the following professional certifications - CSSLP, CISSP, AMBCI, MCSD, MCAD, CompTIA Network+ and the ECSA certification.
Most Helpful Customer Reviews on Amazon.com (beta)
1. Secure Software Concepts
Good explanation of standards, best practices, methodologies, and frameworks. Regulations and Trusted Computing Base (TCB) are very much like in the CISSP books.
2. Secure Software Requirements
Again good description of Authentication and Protection Needs Elicitation (PNE). Authorization is the same as for CISSP.
3. Secure Software Design
Threat Modeling, architecture, and technologies are very well laid out.
4. Secure Software Implementation
Development methodologies, vulnerabilities, and defensive techniques are thoroughly discussed. The complete list of OWASP vulnerabilities is shown and possible counter measures proposed. Personally, chapters 3 and 4 are the ones I appreciated the most in this book.
5. Secure Software Testing
Testing methods are listed in detail. Good part.
6. Software Acceptance
This chapter is mainly about Change Management and Intellectual Property Rights in all its flavours (again, the latter reminded me of CISSP CBK).
7. Software Deployment
Subjects like installation, maintenance, incident and problem management, and disposal are well addressed (parts of this content can be found in CISSP literature).
I recommend this book as an excellent reference guide for the CSSLP exam (but not necessarily for the Software Security domain as such...which may lead to a long discussion of real life vs certifications). I would have wished it to include a CD which makes it so much easier to search for keywords. I would guess that about half of this book's content is already covered by CISSP CBK. But this is due to (isc)2's strategic decision and does not decrease my appreciation for the book in question.
In the meantime I passed the CSSLP test successfully, and this book was my only preparation item.
As with most material about secure development, the author can't separate what is relevant for developers from what is relevant for sysadmins. Even in the chapter about coding, there is plenty of information for sysadmins.
Additionally, I think the author doesn't have much broad knowledge about software development, only about Microsoft technologies. He uses Microsoft terminology even when the market commonly uses other terms. I also read the most absurd affirmation in this book: the author wrote that a version control system has to support file locking in order to prevent two developers from altering the same file at the same time. WTF?! I don't know if Paul Mano never coded in an agile project or if he was protecting the interests of Microsoft (both SourceSafe and TFS lock files).
To finish, there are some themes addressed that have nothing to do with the objective of the book. For example, tips about logging out from web applications and cleaning the cookies (these tips are supposed to be targeted at users) and a section about copyright and patents (the author forgot to explain why he was writing about it in a book about security).
Nevertheless, the book is not all bad (that is why I'm giving 2 stars), but I don't recommend it and I'm still searching for better material for software developers interested in application security.