Prepare for the Certified Information Systems Security Professional (CISSP) exam by bolstering your knowledge of software development security practices. In this course, follow Mike Chapple as he walks through each topic in the eighth domain of the CISSP exam—Software Development Security. He covers the software development lifecycle and common software security issues, such as cookies, session hijacking, and code execution attacks. Mike also discusses secure coding practices and software security assessment.
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Topics include:
Software development methodologies
Operation, maintenance, and change management
DevOps
Cross-site scripting
Preventing SQL injection
Overflow attacks
Malicious add-ons
Secure coding practices
Code signing
Risk analysis and mitigation
Software testing
Acquired software
1 - Introduction
01. Welcome
02. What you need to know
03. Application security

2 - 1. Software Development Lifecycle
04. Development methodologies
05. Maturity models
06. Operation, maintenance, and change management
07. DevOps

3 - 2. Software Security Issues
08. Understanding cross-site scripting
09. Preventing SQL injection
10. Privilege escalation
11. Directory traversal
12. Overflow attacks
13. Cookies
14. Session hijacking
15. Malicious add-ons
16. Code execution attacks

4 - 3. Secure Coding Practices
17. Error and exception handling
18. Code repositories
19. Third-party code
20. Code signing

5 - 4. Software Security Assessment
21. Risk analysis and mitigation
22. Software testing
23. Acquired software

6 - Conclusion
27. What's next