(Understanding, Applying, and Enforcing Software Security)
Here you will need to understand:
- Application of security concepts
- Application of best practices
- Production Software
- Development Software
Since most CISSPs don't like to program, we let the programmers do it. But the CISSP does need to know how to interact with the developers, and needs to understand:
- All of the development methodologies
- Maturity Models
- Operations Management
- Change Management
and the importance of working with a development team.
You will still need to enforce security controls and be knowledgeable about
- Software Development tools
- Source Code Weaknesses
- Configuration Management
as it relates to
- source code development
- security of code repositories
- security of application programming interfaces
Lastly, you will be tested on:
- change management
- risk analysis
for effective software security and security impact mitigation.