(ISC)² ® CSSLP Domain 3: Secure Software Architecture and Design

Domain 3: Secure Software Architecture and Design (14%) This domain contains 14% weightage of the CSSLP exam. This domain focuses on secure software architecture and design. It explains the importance of secure architecture and design, identifying and managing security risks to an application. It explains the risk management and implementation of software design and architecture. It walks you through the various software architectures available and explains the security benefits. The following are the main aspects of this domain: Perform threat modeling Define the security architecture Performing secure interface design Performing architectural risk assessment Model (non-functional) security properties and constraints Model and classify data Evaluate and select reusable secure design Perform security architecture and design review Define secure operational architecture Use secure architecture and design principles, patterns, and tools (ISC)² ® CSSLP Domain 3: Secure Software Architecture and Design (14%)