IN THIS CHAPTER
Applying security throughout the software development lifecycle
Enforcing security controls
Protecting development environments
Assessing software security
Reducing risk by applying safe coding practices
Sizing up the security impact of off-the-shelf software
You must understand the principles of software security controls, software development, and software vulnerabilities. Software and data are the foundation of information processing; software can’t exist apart from software development. An understanding of the software development process is essential for the creation and maintenance of software that’s appropriate, reliable, and secure. This domain represents 10 percent of the CISSP certification exam.
The software development lifecycle (SDLC, also ...