Chapter 7
Software Development Security
In This Chapter
Dealing with different types of computer environments
Getting a handle on databases and data warehousing
Using knowledge-based systems
Understanding the life cycle of systems development
Using application security controls to combat malicious code
Knowing your cyber-enemy
The Software Security domain introduces many important concepts that overlap with other CBK domains.
You must fully understand the principles of software, software development, software vulnerabilities, and databases. Software and data are the foundation of information processing; software can’t exist apart from software development. An understanding of the software development process is essential for the creation and maintenance of software that’s appropriate, reliable, and secure. After all, if you don’t understand how information systems work, how can you be expected to know how to protect them?
Additionally, the CISSP candidate must understand how malicious code works, how hackers attack systems, and how to stop malicious users. Security professionals should be familiar with these issues so they can guide software developers to create software that strengthens and defends systems and applications against attacks.
This domain applies to all types of software, including applications, operating systems, utilities, and even embedded systems.