Overview
-
Review essential software and systems security concepts and best practices as you prepare for the CySA+ (CS0-002) exam. Learn about software testing, encryption, and more.
Syllabus
-
Introduction
- Software and systems security
- What you should know
- Study resources
- Software platforms
- Development methodologies
- Maturity models
- Change management
- DevOps and DevSecOps
- Code review
- Software testing
- Code tests
- Fuzz testing
- Interface testing
- Misuse case testing
- Test coverage analysis
- Input validation
- Parameterized queries
- Authentication and session management issues
- Data protection
- Output encoding
- Error and exception handling
- Code repositories
- Code signing
- SOAP and REST
- SOA and microservices
- Operating system types
- Data encryption
- Hardware and firmware security
- Peripheral security
- Physical asset management
- Understanding encryption
- Symmetric and asymmetric cryptography
- Goals of cryptography
- Choosing encryption algorithms
- Key exchange
- Diffie-Hellman
- Trust models
- PKI and digital certificates
- Hash functions
- Digital signatures
- Creating a digital certificate
- Revoking a digital certificate
- Planning a penetration test
- Designing penetration tests
- Exploitation frameworks
- Interception proxies
- Penetration test reporting
- Training and exercises
- Reverse engineering software
- Reverse engineering hardware
- Virtualization
- Desktop and application virtualization
- Containerization
- Security zones
- VLANs
- Isolating sensitive systems
- Virtual private networks (VPNs)
- Software-defined networking
- What is the cloud?
- Cloud computing roles
- Cloud compute resources
- Cloud storage
- Cloud networking
- Cloud databases
- Cloud orchestration
- Cloud auditing tools
- Deception technologies
- Next steps
