CISSP Cert Prep (2021): 8 Software Development Security

Use this course to help you prepare for the Software Development Security domain of the 2021 CISSP exam.

Introduction

• Software development security
• What you need to know
• Study resources

1. Software Development Lifecycle

• Software platforms
• Development methodologies
• Maturity models
• Change management
• Automation and DevOps
• Programming languages
• Acquired software

2. Software Quality Assurance

• Code review
• Software testing
• Code security tests
• Fuzz testing
• Code repositories
• Application management
• Third-party code
• Software risk analysis and mitigation

3. Application Attacks

• OWASP Top 10
• Application security
• Preventing SQL injection
• Understanding cross-site scripting
• Request forgery
• Defending against directory traversal
• Overflow attacks
• Explaining cookies and attachments
• Session hijacking
• Code execution attacks
• Privilege escalation
• Driver manipulation
• Memory vulnerabilities
• Race condition vulnerabilities

4. Secure Coding Practices

• Input validation
• Parameterized queries
• Authentication/session management issues
• Output encoding
• Error and exception handling
• Code signing
• Database security
• Data deidentification
• Data obfuscation

5. Cloud Computing

• What is the cloud?
• Cloud computing roles
• Drivers for cloud computing
• Security service providers
• Cloud activities and the cloud reference architecture
• Cloud deployment models
• Cloud service categories

Conclusion

• Continuing your studies