CISSP Cert Prep (2021): 8 Software Development Security
2h 45mAdvanced2022-02-28
Authors

Mike Chapple
Teaching Professor at the University of Notre Dame
Course details
Are you preparing to take the Certified Information Systems Security Professional (CISSP) exam, or are you a cybersecurity professional pursuing a better understanding of secure coding practices? In this course, instructor Mike Chapple provides you with the detailed information you need to get ready for the Software Development Security domain of the 2021 CISSP exam. Mike explains software development security practices as needed to complete the exam. He covers the software development lifecycle, code review, software testing, and common software security issues. Mike also discusses secure coding practices, security considerations for cloud computing, and software security assessment.
Skills covered
Software Development SecurityIncident ResponseCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Software development security
- 02 - What you need to know
- 03 - Study resources
1. Software Development Lifecycle
- 04 - Software platforms
- 05 - Development methodologies
- 06 - Maturity models
- 07 - Change management
- 08 - Automation and DevOps
- 09 - Programming languages
- 10 - Acquired software
2. Software Quality Assurance
- 11 - Code review
- 12 - Software testing
- 13 - Code security tests
- 14 - Fuzz testing
- 15 - Code repositories
- 16 - Application management
- 17 - Third-party code
- 18 - Software risk analysis and mitigation
3. Application Attacks
- 19 - OWASP Top 10
- 20 - Application security
- 21 - Preventing SQL injection
- 22 - Understanding cross-site scripting
- 23 - Request forgery
- 24 - Defending against directory traversal
- 25 - Overflow attacks
- 26 - Explaining cookies and attachments
- 27 - Session hijacking
- 28 - Code execution attacks
- 29 - Privilege escalation
- 30 - Driver manipulation
- 31 - Memory vulnerabilities
- 32 - Race condition vulnerabilities
4. Secure Coding Practices
- 33 - Input validation
- 34 - Parameterized queries
- 35 - Authentication session management issues
- 36 - Output encoding
- 37 - Error and exception handling
- 38 - Code signing
- 39 - Database security
- 40 - Data deidentification
- 41 - Data obfuscation
5. Cloud Computing
- 42 - What is the cloud
- 43 - Cloud computing roles
- 44 - Drivers for cloud computing
- 45 - Security service providers
- 46 - Cloud activities and the cloud reference architecture
- 47 - Cloud deployment models
- 48 - Cloud service categories
Conclusion
- 49 - Continuing your studies
Related courses
- CISSP Cert Prep (2021): The Basics
- CISSP Cert Prep (2021): 1 Security and Risk Management
- CISSP Cert Prep (2021): 2 Asset Security
- CISSP Cert Prep (2021): 3 Security Architecture and Engineering
- CISSP Cert Prep (2021): 6 Security Assessment and Testing
- CISSP Cert Prep (2021): 4 Communication and Network Security
- CISSP Cert Prep (2021): 5 Identity and Access Management
- CISSP Cert Prep (2021): 7 Security Operations