Software Development Security
The Software Development Security domain refers to the controls that are included within systems and application software and the steps used in their development (for example, the Software Development Life Cycle, or SDLC).
Software refers to system software (operating systems) and application programs such as agents, applets, software, databases, data warehouses, and knowledge-based systems. These applications may be used in distributed or centralized environments.
The candidate should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.
We talk about this domain in Chapter 7. Here are the major topics:
Maintaining security throughout the life cycle of software development
Setting up appropriate security controls for your environment
Assessing the effectiveness of software security