Official (ISC)2 Guide to the CSSLP CBK ((ISC)2 Press) 2nd Edition

A lot of other reviewers gave a poor review for grammatical errors. While they do exist, most were minor and the understanding was clear. There are a few quiz answers that are mis-lettered, but the description points to the right answer.Overall a good source for preparing for the CSSLP and a good desk reference to remind you of the complexity of the secure software life cycle.

I am cramming for this ridiculous exam because someone above my pay grade decided it was necessary all developers to have this CSSLP cert. I take the exam this Wednesday. I am doing the review questions at the end of each domain and I finally had enough with the typographical errors in the questions, the answers, the poorly used English language. It is difficult enough to cram for this horrible cert, but to have to try and figure what the question is in order to answer because it does not make sense is too much!!! This book cost me about $80.00 and the exam cost me $549.00. This is just a cash cow for ISC2, to rake in more money. If I don't pass this exam, I will blame it on the book.Note to Mano Paul, please make sure you publish a book that is free of grammatical errors. You lose credibility putting out garbage like this.Update: I am trying to review the answers to the questions that I missed at the end of each chapter, and I have found that the index does not match up at all with the book. For example, database views are said to be listed on page 310, however, after much frustration and digging I found what I was looking for on page 297. Another example, involves looking for information on SAML. The index states it is on page 292, but it is actually on page 272. This goes on and on and on. I am going to demand that I get my money back from this author or the publishing company. This book cost way too much of my hard earned cash to be wasted on this garbage.

The book does have good content. It also may be the only up to date guide book for csslp. The editing is not on professional level, which makes me follow the advise to the author to fire or get an editor as the current quality does take away at least one star.Said all this, I find this book very helpful in laying out the requirements to pass the csslp, but the governing goal is clearly to improve my understanding of how the SDLC could be enhanced or interleaved with security related tasks, milestones, and deliverables to better understand and then manage software risk. The book is pretty strong in creating the frame for such understanding and motivating by sprinkling the text with small lists of items that could easily be expanded to checklists (highly recommending the 'checklist manifesto' book to see how far checklists can get us all to 'stop the bleeding' in any domain).In conclusion, use the book as an entry point into secure SDLC, look at additional books to deepen each chapter and try to get also some programming done. The CSSLP is a certification for practitioners, not for readers. I award this book 5 stars for providing a good frame, and 3 stars for editing (generously) and for price. I assume better editing could substantially increase sales and lower price, it also would reflect positively on ISC2 with regard of the quality of the certification and test. Disclosure: I have not taken the test yet.

A great resource for anyone studying for the CSSLP exam and/or interested in securing the software lifecycle in general! One of a few books that I reference often.

It's not a 3 star as I indicated. It's either 2 star on terrible quality or 4 start on good content. Author should fire the technical editors and look for a new publisher1) A lot of good content, not a lot of depth, but still a good read.2) Really seems to have been rushed to market - not a cheap book, would have expected much better quality.3) 2nd edition adds the necessary chapter to cover the new BOK that was missing from first edition.4) From presentation perspective, quite a few typographical errors. It's annoying, but doesn't diminish the overall content quality.5) The index is absolutely useless, I can't recall if any of the dozen or times that I used it that I was ever directed to the correct page.6) The questions at the end of the chapters are pretty good. The answers in the appendix are good as well - but not as one would expect. Quite a few are wrong, and the exercise of researching each for correctness was good learning exercise7) If you want a book that will help prepare you for the CSSLP, this is all you have. Until something better comes along, this one will do (or more likely, this one will have to do)

I just completed my SSCP last week, ordered this book to take the CSSLP next. I used the book by Darril Gibson for SSCP and I am familiar with many Security Related terms and their definitions. I have also read about 1/3rd of Shon Harris CISSP book, which is a pleasure to read and understand.In this CSSLP CBK it looks like nothing can be said in simple sentences. Topics seem disconnected, it is not an easy read. So I paid $80 for a Table Of Contents and will look up the material from other resources.

I passed the CSSLP exam using this book as the primary source.Even though it is not aligned with the latest CSSLP CBK, it is still effective.

El libro en si es el manual oficial de ISC2 pero deja mucho que desear como esta redactado y eso que esta en ingles. Sorprende que sea tan penoso el material de estudio oficial y haya que terminar recurriendo a libros extra oficiales para preparara la certificación

Thanks for the titanic labour of collecting the numerous research and industry papers into a concise book. I like the clear formatting, quizzes and references. I did not delve into the book much as I see myself work in only one or two of the eight domains. It helps a lot to people like me who have trouble following visual dynamic information in online courses.

配達追跡はできないが、しおりも入っていて予定通り到着したので嬉しかった。また今度も頼みたい。

Inhaltlich ist das Buch gut geeignet um sich auf die Prüfung vorzubereiten oder systematisch Wissen in diesem Themenbereich zu erarbeiten. Sprachlich ist das Buch ein Witz. Ich kenne kein Buch, keine Bachelor-, Masterthesis oder Dissertation, die mehr Rechtschreibfehler hat.

This book focus on the most neglected side of information security, Systems Design and Development. Good knowledge source to move forward.Great