CISSP: Software Development Security

(Understanding, Applying, and Enforcing Software Security)

Here you will need to:

  • Application of security concepts
  • Application of best practices


  • Production Software
  • Development Software


Since most CISSPs don't like to program, we let the programmers do it. But the CISSP does need to know how to interact with the developers.

Therefore, know:

  • All of the development methodologies
  • Maturity models
  • Operations Management
  • Maintenance
  • Change Management

and the importance of working with a development team.

You will still need to enforce security controls and be knowledgeable about

  • Software Development tools
  • Source Code Weaknesses
  • Vulnerabilities
  • Configuration Management

as it relates to

  • source code development
  • security of code repositories
  • security of application programming interfaces

Lastly, you will be tested on:

  • auditing
  • logging
  • change management
  • risk analysis
  • mitigation

for effective software security and security impact mitigation.
