CISSP: Software Development Security

Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam

Prerequisite
None

Expected Duration
83 minutes

Description
While information systems security professionals are not generally involved in software development, they are responsible for assessing and implementing security controls on software used within the organizational environment. In this course, you’ll learn about best practices for implementing and enforcing software security controls. This course also covers best practices for assessing software security effectiveness, such as using change logs and audits, software security risk analysis, and software security acceptance testing. Finally, this course covers best practices for assessing the security impacts of acquired or third-party software, and software assurance. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.

Objective

Security in the Software Development Lifecycle

  • start the course
  • distinguish between the basic phases of the SDLC
  • describe characteristics of non-iterative development methodologies and their role in software development security
  • describe characteristics of iterative development methodologies and their role in software development security
  • identify characteristics of capability maturity models and their role in software development life cycle security
  • identify secure operations and maintenance best practices during the software development lifecycle
  • identify secure change management best practices during the software development lifecycle
  • describe the purpose and best practices of IPTs and their role in secure software development

Security Controls in Development Environments

  • distinguish between security controls and best practices for the software environment
  • identify source-code level security vulnerabilities and methods to mitigate risk from them
  • use configuration management as a method for securing the coding environment
  • describe best practices for code repository security
  • describe best practices for application programming interface security

Assessing Software Security Effectiveness

  • use audits and change logs to assess the effectiveness of software security
  • describe risk analysis and mitigation best practices when assessing the effectiveness of software security
  • describe acceptance testing best practices when assessing the effectiveness of software security

Assessing Security Impacts of Acquired Software

  • distinguish between the three major phases of SwA
  • identify the general questions that should be answered as part of an effective software assurance policy

Practice: Securing Software Development

  • identify appropriate options for assessing software security
