CISSP Mastery
All domains
Domain 810% of exam

Software Development Security

5 lessons ~2h

0%
0/5

Building security into software. Integrating security across the SDLC and methodologies (Agile, DevSecOps), securing the development ecosystem and toolchain (CI/CD, SAST/DAST/IAST, repositories), assessing software effectiveness and acquired/third-party software, and applying secure coding standards against source-level weaknesses and API risks.

Start studying Practice this domain

Recommended reading

Official Study Guide (Sybex) 10eCh. 20–21Eleventh Hour CISSPDomain 8

Lessons

  1. 8.1

    Integrate security in the Software Development Life Cycle (SDLC)

    Know the SDLC phases and how methodologies differ (Waterfall vs Agile vs DevOps/DevSecOps), plus maturity models (CMM, SAMM) that gauge process rigor.

    ~35 min

  2. 8.2

    Identify and apply security controls in development ecosystems

    Secure the toolchain: language/library/tooling choices, IDEs and runtime, CI/CD, configuration management, code repositories, and application security testing (SAST, DAST, SCA, IAST).

    ~40 min

  3. 8.3

    Assess the effectiveness of software security

    Measure whether software controls work via auditing/logging of changes and ongoing risk analysis and mitigation.

    ~20 min

  4. 8.4

    Assess security impact of acquired software

    Evaluate the risk of software you buy or inherit: COTS, open source, third-party, managed services, and cloud (SaaS/IaaS/PaaS).

    ~20 min

  5. 8.5

    Define and apply secure coding guidelines and standards

    Prevent source-level weaknesses (OWASP Top 10, injection, buffer overflow), secure APIs, and adopt secure-coding practices and software-defined security.

    ~30 min