Page 1386 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 20
Software Development Security
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 8: Software Development Security
8.1 Understand and integrate security in the software development lifecycle (SDLC)
8.1.1 Development methodologies
8.1.2 Maturity models
8.1.3 Operation and maintenance
8.1.4 Change management
8.1.5 Integrated product team
8.2 Identify and apply security controls in development environments
8.2.1 Security of the software environments
8.2.2 Configuration management as an aspect of secure coding
8.2.3 Security of code repositories
8.3 Assess the effectiveness of software security
8.3.1 Auditing and logging of changes
8.3.2 Risk analysis and mitigation
8.4 Assess security impact of acquired software
8.5 Define and apply secure coding guidelines and standards
8.5.2 Security of application programming interfaces
8.5.3 Secure coding practices

