Learn about software development security practices to prepare for the eighth domain of the CISSP exam. Explore the software development lifecycle, software security issues, secure coding practices, and software security assessment.
- Hi, I'm Mike Chapple, and I'd like to welcome you to our CISSP Software Development Security course. The Certified Information Systems Security Professional, or CISSP certification, is the gold standard for information security certification. You'll find that it's a core requirement for many mid and senior level information security positions. Earning the CISSP requires demonstrating that you have sufficient work experience, and passing an exam covering the eight domains of information security.
This course covers the last of those eight domains, software development security. I have two decades of experience as an Information Security Professional, and I've been involved with CISSP training and certification for most of those. As you work your way through this course, you might find it helpful to have two books that I've written by your side. The first is the Official CISSP Study Guide, available from Sybex. This book is approved by the International Information Systems Security Certification Consortium as the official study guide for the exam, and it contains context that supplements this course, and will help you be prepared when you take the exam.
The second book you'll want is the Official Practice Tests, also available from Sybex. This book contains 1300 practice exam questions, designed to mimic those on the actual exam. It has an entire chapter dedicated to questions from each domain, along with two full length practice tests to help you assess your progress. As we work our way through this course, we will focus on each topic covered by domain eight. We'll review how to apply security in the software development lifecycle, and enforce security controls in development environments.
We'll also cover how you can assess the effectiveness of software security, and the security impact of acquired software. And that's just a small sampling of the many topics covered in this course. These topics, combined with the information you learn in our other CISSP courses, will help you pass the CISSP exam, and also provide a critical foundation for your career in Information Security. Alright, let's get rolling.
- Learning about different software development methodologies
- Operation, maintenance, and change management
- Understanding cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software