18. Day 18 – Software Development Security - Security in Software Development Life Cycle
by M. L. Srinivasan
CISSP in 21 Days - Second Edition
- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
This chapter covers foundational concepts in various software development life cycle models, and it discusses security requirements in software development processes and assurance requirements in the software.
A candidate appearing for the CISSP exam is expected to have foundational concepts and knowledge in the following key areas of the software development security domain:
- Software development life cycle models
- Security in the software development life cycle
- Security controls in development environments
- Assurance requirements in software
- Software security testing
- Security impact analysis on acquired software
Software is a core building block in an IT infrastructure. Applications are the outcome of software development, and they are most important from the perspective of security, as they deal with data.
Applications provide a way to achieve tasks that are related to the input, processing, and the output of data. Besides this, applications are used to store, retrieve, process, transmit, or destroy data. Therefore, it is of paramount importance to ensure the security of applications:
Observe the preceding diagram. The primary area that a security professional should focus on is the addressing of security requirements at the design stage of the application itself. An application contains software code, and it is important that secure coding practices are used throughout the Software Development Life Cycle (SDLC) processes.
In this module, you will learn about the following:
- Systems engineering concepts
- Security in the software development life cycle
- Software development life cycle models
- An overview of enforcing security controls in development environments
-
No Comment