"Applications are getting so much less complex these days," said no one ever. And just as enterprise applications themselves grow more sophisticated, their development environments have become equally thorny. It should come as no surprise that this makes software development security more challenging -- and important. Enterprises need to be on the lookout for everything from sloppy coding to a zero-day threat to an intentionally exposed vulnerability. Properly identifying these faults before they turn into real exploits requires applying security in the software development lifecycle, as well as enforcing security controls in development environments.
In this Security School, based on (ISC)² CISSP training material for Domain 8: Software Development Security, learn the basic principles behind securely designing, testing and building enterprise applications. In his video, expert Adam Gordon walks viewers through the role of security in each phase of the software development lifecycle. In his tip, Gordon provides an introduction to the use of software forensics to trace the identity and intent of attackers.
Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about software development security concepts and best practices.
Diving into software development security
Domain 8 of the CISSP exam tests your understanding of software development security. Learn more about what makes a secure software environment, common points of vulnerability in the development lifecycle, how to identify attackers and more.
By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity.
Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz.