Code signing provides developers with a way to show the world that code originated from them and was not tampered with by malicious individuals. It also provides end users with a way to determine what software they can trust. In this video, learn about how developers sign code and how end users verify those digital signatures.
- [Instructor] Code signing provides a way…for developers to demonstrate to end users…that applications are from a legitimate source.…In my CISSP Security Engineering course…I covered how individuals may apply digital signatures…to data to provide nonrepudiation.…Anyone wishing to verify a digital signature…may do so by using the signer's digital certificate.…If you need a brief refresher on those concepts,…you might want to quickly review the Digital Signature…and Digital Certificate videos…from the Security Engineering course.…
Digital signatures may also be used…for code signing.…Users may obtain software from a wide variety of sources.…It may be pre-installed on their computer…by their IT department,…they might download software from an app store…or find it on a website.…Code signing attempts to help users determine…whether code is legitimate.…Developers who wish to sign their code…obtain a digital certificate…from a trusted certificate authority.…They then use the private key associated…with that digital certificate…
This course—along with the others in this nine-part series—prepare you for the CISSP exam and provide you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software