BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Where does security fit into SDLC phases?
In each phase of the software development life cycle, there is an opportunity for infosec pros to add value. Learn more in this video with expert Adam Gordon. Watch Now
"Applications are getting so much less complex these days," said no one ever. And just as enterprise applications themselves grow more sophisticated, their development environments have become equally thorny. It should come as no surprise that this makes software development security more challenging -- and important. Enterprises need to be on the lookout for everything from sloppy coding to a zero-day threat to an intentionally exposed vulnerability. Properly identifying these faults before they turn into real exploits requires applying security in the software development lifecycle, as well as enforcing security controls in development environments.
In this Security School, based on (ISC)² CISSP training material for Domain 8: Software Development Security, learn the basic principles behind securely designing, testing and building enterprise applications. In his video, expert Adam Gordon walks viewers through the role of security in each phase of the software development lifecycle. In his tip, Gordon provides an introduction to the use of software forensics to trace the identity and intent of attackers.
Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about software development security concepts and best practices.