CISSP: Software Development Security Proficiency (Advanced Level)

Topics covered

• assess the security impact of commercial off-the-shelf (COTS), open-source, and third-party acquired software
• compare application security testing methods like static application security testing (SAST) and dynamic application security testing (DAST)
• compare development methodologies, such as Waterfall, Agile, CI/CD, DevOps, and DevSecOps
• define integrated product teams and their role in software development security
• define recommended secure coding practices and guidance for SecDevOps
• describe different availability concepts such as failover, replication, clustering, scalability, and resiliency
• describe enterprise mobility management and control
• describe non-repudiation concepts such as PKI and digital signatures
• describe operations, maintenance, and change management in maturity models like capability maturity model (CMM) and software assurance maturity model (SAMM)
• differentiate between authorization concepts such as access controls and entitlements
• differentiate between different integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity
• explain the securing of application programming interfaces (APIs)
• identify and apply security controls in programming languages, libraries, runtimes, code repositories, IDE, and toolsets
• identify weaknesses in source code
• list accountability concepts such as auditing and logging
• outline and apply software-defined security
• recognize available authentication concepts such as multifactor authentication, identity and access management, single sign-on, and federated identity
• recognize characteristics of legal and regulatory requirements, as well as compliance with them
• recognize confidentiality concepts such as covert, overt, and encryption
• recognize how security requirements are aligned with functional and non-functional requirements