This chapter covers foundational concepts in various software development life cycle models and discusses security requirements in software development processes and assurance requirements for the software.
A candidate appearing for the CISSP exam is expected to have foundational concepts and knowledge in the following key areas of the software development security domain:
Software is a core building block of an IT infrastructure. Applications are the outcome of software development, and they are the most important from a security perspective because they deal with data.
Applications provide a way to accomplish tasks related to the input, processing, and output of data. They are also used to store, retrieve, process, transmit, or destroy data. Therefore, it is of paramount importance to ensure the security of applications:
Observe the preceding diagram. The primary area that a security professional should focus on is addressing security requirements at the design stage of the application itself. An application contains software code, and it is important that secure coding practices are used throughout the Software Development Life Cycle (SDLC) processes.
In this module, you will learn about the following: