Overview
-
Use this course to help you prepare for the Software Development Security domain of the 2021 CISSP exam.
Syllabus
-
Introduction
- Software development security
- What you need to know
- Study resources
- Software platforms
- Development methodologies
- Maturity models
- Change management
- Automation and DevOps
- Programming languages
- Acquired software
- Code review
- Software testing
- Code security tests
- Fuzz testing
- Code repositories
- Application management
- Third-party code
- Software risk analysis and mitigation
- OWASP Top 10
- Application security
- Preventing SQL injection
- Understanding cross-site scripting
- Request forgery
- Defending against directory traversal
- Overflow attacks
- Explaining cookies and attachments
- Session hijacking
- Code execution attacks
- Privilege escalation
- Driver manipulation
- Memory vulnerabiliities
- Race condition vulnerabilities
- Input validation
- Parameterized queries
- Authentication/session management issues
- Output encoding
- Error and exception handling
- Code signing
- Database security
- Data deidentification
- Data obfuscation
- What is the cloud?
- Cloud computing roles
- Drivers for cloud computing
- Security service providers
- Cloud activities and the cloud reference architecture
- Cloud deployment models
- Cloud service categories
- Continuing your studies
