CISSP: Software Development Security Proficiency (Advanced Level)

  • 30m
  • 20 questions
The CISSP: Software Development Security Proficiency benchmark will measure your ability to recognize key terms and concepts related to software development security. You will be evaluated on software development lifecycles and ecosystems, and software development security. A learner who scores high on this benchmark demonstrates that they have an understanding of key software development security terminology and concepts.

Topics covered

  • assess the security impact of commercial off-the-shelf (COTS), open-source, and third-party acquired software
  • compare application security testing methods like static application security testing (SAST) and dynamic application security testing (DAST)
  • compare development methodologies, such as Waterfall, Agile, CI/CD, DevOps, and DevSecOps
  • define integrated product teams and their role in software development security
  • define recommended secure coding practices and guidance for SecDevOps
  • describe different availability concepts such as failover, replication, clustering, scalability, and resiliency
  • describe enterprise mobility management and control
  • describe non-repudiation concepts such as PKI and digital signatures
  • describe operations, maintenance, and change management in maturity models such as the Capability Maturity Model (CMM) and the Software Assurance Maturity Model (SAMM)
  • differentiate between authorization concepts such as access controls and entitlements
  • differentiate between different integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity
  • explain the securing of application programming interfaces (APIs)
  • identify and apply security controls in programming languages, libraries, runtimes, code repositories, IDEs, and toolsets
  • identify weaknesses in source code
  • list accountability concepts such as auditing and logging
  • outline and apply software-defined security
  • recognize available authentication concepts such as multifactor authentication, identity and access management, single sign-on, and federated identity
  • recognize characteristics of legal and regulatory requirements, as well as compliance with them
  • recognize confidentiality concepts such as covert, overt, and encryption
  • recognize how security requirements are aligned with functional and non-functional requirements