Domain 8

Security in the Software Development Life Cycle

Although information security has traditionally emphasized system-level access controls, the security professional needs to ensure that the focus of the enterprise security architecture includes applications, because many information security incidents now involve software vulnerabilities in one form or another. Application vulnerabilities also provide an entry point for attacking systems, sometimes at a very deep level. (Web application vulnerabilities have frequently been used in this manner.) Malware is much more than a mere nuisance: It is now a major security risk faced by every enterprise ...

Get Official (ISC)2 Guide to the CISSP CBK, 4th Edition now with O’Reilly online learning.
