CISSP Domain 8: Software development security explained

Last updated: February 2018

Editor's note

"Applications are getting so much less complex these days," said no one ever. And just as enterprise applications themselves grow more sophisticated, their development environments have become equally thorny. It should come as no surprise that this makes software development security more challenging -- and important. Enterprises need to be on the lookout for everything from sloppy coding to a zero-day threat to an intentionally exposed vulnerability. Properly identifying these faults before they turn into real exploits requires applying security in the software development lifecycle, as well as enforcing security controls in development environments.

In this Security School, based on (ISC)² CISSP training material for Domain 8: Software Development Security, learn the basic principles behind securely designing, testing and building enterprise applications. In his video, expert Adam Gordon walks viewers through the role of security in each phase of the software development lifecycle. In his tip, Gordon provides an introduction to the use of software forensics to trace the identity and intent of attackers. 

Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about software development security concepts and best practices.

CISSP® is a registered mark of (ISC)².


1. Diving into software development security

Domain 8 of the CISSP exam tests your understanding of software development security. Learn more about what makes a secure software environment, common points of vulnerability in the development lifecycle, how to identify attackers and more.
