Chapter 7

Software Development Security

In This Chapter

Dealing with different types of computer environments

Getting a handle on databases and data warehousing

Using knowledge-based systems

Understanding the life cycle of systems development

Using application security controls to combat malicious code

Knowing your cyber-enemy

The Software Security domain introduces many important concepts that overlap with other CBK domains.

You must fully understand the principles of software, software development, software vulnerabilities, and databases. Software and data are the foundation of information processing; software can’t exist apart from software development. An understanding of the software development process is essential for the creation and maintenance of software that’s appropriate, reliable, and secure. After all, if you don’t understand how information systems work, how can you be expected to know how to protect them?

Additionally, the CISSP candidate must understand how malicious code works, how hackers attack systems, and how to stop malicious users. Security professionals should be familiar with these issues so they can guide software developers to create software that strengthens and defends systems and applications against attacks.

The scope of this domain applies to all types of software, including applications, operating systems, utilities, and even embedded systems.