Security School


CISSP Domain 8: Software development security explained

Domain 8 is the final section of the CISSP exam. While it represents the end, it also takes us right to the beginning -- to the software development lifecycle. Here lie security challenges and opportunities.


"Applications are getting so much less complex these days," said no one ever. And just as enterprise applications themselves grow more sophisticated, their development environments have become equally thorny. It should come as no surprise that this makes software development security more challenging -- and important. Enterprises need to be on the lookout for everything from sloppy coding to a zero-day threat to an intentionally exposed vulnerability. Properly identifying these faults before they turn into real exploits requires applying security in the software development lifecycle, as well as enforcing security controls in development environments.

In this Security School, based on (ISC)² CISSP training material for Domain 8: Software Development Security, learn the basic principles behind securely designing, testing and building enterprise applications. In his video, expert Adam Gordon walks viewers through the role of security in each phase of the software development lifecycle. In his tip, Gordon provides an introduction to the use of software forensics to trace the identity and intent of attackers. 

Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about software development security concepts and best practices.

CISSP® is a registered mark of (ISC)².


Learning links

Diving into software development security

Domain 8 of the CISSP exam tests your understanding of software development security. Learn more about what makes a secure software environment, common points of vulnerability in the development lifecycle, how to identify attackers and more.


Where does security fit into SDLC phases?

In each phase of the software development life cycle, there is an opportunity for infosec pros to add value. Learn more in this video with expert Adam Gordon.


Use software forensics to uncover the identity of attackers

By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity.


Domain 8: Security in software development lifecycle quiz

Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz.
