CompTIA CySA+ Study Guide Exam CS0-002 by Mike Chapple & David Seidl

Author: Mike Chapple & David Seidl [Chapple, Mike & Seidl, David]
Language: eng
Format: epub
ISBN: 9781119684114
Publisher: Wiley
Published: 2020-07-28T00:00:00+00:00


Exam Note

The CySA+ exam objectives mention six specific coding best practices: input validation, output encoding, session management, authentication, data protection, and parameterized queries. This is a smaller and less developed list than what OWASP and other organizations maintain, but it is what you can expect to be tested on. Our list includes a broader range of practices to help prepare you for real-world work as well as the exam!

One of the best resources for secure coding practices is the Open Web Application Security Project (OWASP). OWASP is the home of a broad community of developers and security practitioners, and it hosts many community-developed standards, guides, and best practice documents, as well as a multitude of open source tools. OWASP provides a regularly updated list of proactive controls that is useful to review not only as a set of useful best practices, but also as a way to see how web application security threats change from year to year.

Here are OWASP's current top proactive controls (updated in 2018) with brief descriptions:

Define Security Requirements: Document what security the software needs and how it should be implemented.

Leverage Security Frameworks and Libraries: Use existing security tools to make it easier to develop securely.

Secure Database Access: Databases contain most of the important data in modern applications, making database security a key concern.

Encode and Escape Data: Ensure that attackers can't embed code or special characters in ways that will be executed or otherwise may cause harm to the application.

Validate All Inputs: Treat user input as untrusted and filter appropriately.

Implement Digital Identity: Identity is a core security layer, including things like using multifactor authentication, secure password storage and recovery, and session handling.

Enforce Access Controls: Require all requests to go through access control checks, deny by default, and apply the principle of least privilege.

Protect Data Everywhere: Use encryption in transit and at rest.

Implement Security Logging and Monitoring: This helps detect problems and allows investigation after the fact.

Handle All Errors and Exceptions: Errors should not provide sensitive data, and applications should be tested to ensure that they handle problems gracefully.


