Chapter 11: Secure Application Development, Deployment and Automation
Software Repositories
https://www.freecodecamp.org/news/what-is-git-and-how-to-use-it-c341b049ae61/
Environments
Development
Test
Staging
Production
QA: Quality Assurance
Let’s look at this topic from the standpoint of the type of questions you may be asked.
https://passcomptia.com/comptia-security/comptia-security-question-g-61/
https://passcomptia.com/comptia-security/comptia-security-question-c-99/
Provisioning and Deprovisioning
Integrity Measurement
NOT hashing
Working on the correct version
Secure Coding Techniques
Normalization
Stored Procedures
Obfuscation / Camouflage
Code Reuse and Dead Code
Server-Side vs. Client-Side Execution and Validation
JavaScript: in the browser, easily hackable
PHP / Python / ASP / Ruby / etc.: on the server, and trickier to hack
Memory Management
Third-Party Libraries and SDKs
Data Exposure
Error Handling
Input Validation
Code Quality and Testing
Static vs. Dynamic Analysis (fuzzing)
Stress Testing
Sandboxing
Model Verification
Model – View – Control app dev model
https://www.visual-paradigm.com/guide/uml-unified-modeling-language/what-is-model-view-control-mvc/
OWASP: Open Web Application Security Project
https://owasp.org/www-project-top-ten/
Software Diversity
Compilers
Binaries
Default locations in memory
ASLR – NOT an acronym on the 601 test, but the (Windows) cure for default DLL location attacks
https://en.wikipedia.org/wiki/Address_space_layout_randomization
Automation and Scripting
Automated Courses of Action
Continuous Monitoring
Continuous Validation
Continuous Integration
Continuous Delivery
Continuous Deployment
DevOps
Elasticity
Moving to a more powerful server
Scalability
Moving to more servers
Version Control and Change Management
https://bitbucket.org/product/code-repository
Waterfall vs. Agile Methodologies (NOT on the 601 test)
Scrum and XP