This is the content of Software development security of CISSP®
This domain 8 is worth 10% of the grade to be achieved.
Domaine 8 of CISSP®
Content updated according to the new official programme for 2024
| N° | Description |
|---|---|
| 8.1 | Understandand 0 Igrate security in the Software Development Life Cycle (SDLC) |
| 8.1.1 | Development methodologies (eg, Agile, Waterfall,DevOps,DevSecOps) |
| 8.1.2 | Maturity Models (eg, Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM)) |
| 8.1.3 | Operation and maintenance |
| 8.1.4 | Change management |
| 8.1.5 | Integrated Product Team (IPT) |
| 8.2 | Identify and apply security controls in software development ecosystems |
| 8.2.1 | Programming languages |
| 8.2.2 | Libraries |
| 8.2.3 | Tool sets |
| 8.2.4 | Integrated Development Environment (IDE) |
| 8.2.5 | Runtime |
| 8.2.6 | Continuous Integration and Continuous Delivery (CI/CD) |
| 8.2.7 | Security Orchestration, Automation, and Response(SOAR) |
| 8.2.8 | Software Configuration Management (SCM) |
| 8.2.9 | Code repositories |
| 8.2.10 | Application security testing (eg, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) |
| 8.3 | Assess the effectiveness of software security |
| 8.3.1 | Auditing And logging of changes |
| 8.3.2 | Risk analysis and mitigation |
| 8.4 | Assess security impact of acquired software |
| 8.4.1 | Commercial-off-the-shelf (COTS) |
| 8.4.2 | Open source |
| 8.4.3 | Third-party |
| 8.4.4 | Managed services (eg, Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) |
| 8.5 | Define and apply secure coding guidelines and standards |
| 8.5.1 | Security weaknesses and vulnerabilities at theSource-code level |
| 8.5.2 | Security of Application Programming Interfaces (APIs) |
| 8.5.3 | Secure coding practices |
| 8.5.4 | Software-defined Security |