by David R. Miller | Publisher: Infinite Skills | Release Date: July 2016 | ISBN: 9781491966037

Presented by security ace David R. Miller, this course covers what you will need to know to pass the CISSP Domain 8 - Software Development Security exam. Domain 8 focuses on the challenges of securing software applications from malicious attack. The course starts with a look at the various types of applications and identifies the risks within their architecture.It goes on to examine the software development life cycle, offering several highly recommended models for enhancing security during the phases of the life cycle and within the applications themselves. Specific risks, countermeasures, and controls are covered along with a description of the testing strategies used to ensure more secure applications. Learn what is required to pass Domain 8 of the 2015 CISSP Certification Course Understand the security risks inherent within the architecture of the different forms of applications Review the security dangers associated with the different SDLC methodologies Explore buffer overflow and injection risks, and how to protect against them Master the controls used to secure the computing environment and the SDLC Gain insight regarding the testing strategies used to secure software applicationsDavid R. Miller (CISSP, PCI QSA, CEH) is President of the MicroLink Corporation, a provider of information systems security, compliance, and training services. He has lectured on information security to many audiences, including those at the U.S. Military Academy at West Point, the U.S. Army Advanced Battle Command, Cisco Systems Inc., Oracle Corporation, and Symantec Corporation. He is the author (or co-author) of numerous books on network systems and information security, and many training videos for O'Reilly.

1. Application Architecture
   • CISSP 2018 Domain 8 Update: Software Development Security Part 1 00:11:28
   • CISSP 2018 Domain 8 Update: Software Development Security Part 2 00:11:43
   • Application Architecture Introduction 00:08:35
   • Application Architecture Review 00:10:56
2. The Software Development Lifecycle And Related Development Models
   • The Software Development Lifecycle 00:09:08
   • CMM, SDL, And OWASP 00:09:55
   • Waterfall, Spiral, And Prototyping 00:07:38
   • Agile Development Platforms And DevOps 00:07:45
3. Risks Within Software
   • Risks Within Software 00:12:15
   • Buffer Overflow And Injection 00:10:18
4. Controls To Secure Software Development
   • Development Environment, Version Control, And Security Controls 00:08:00
   • Stack Canary, NX Memory, And Garbage Collection 00:08:25
   • Sandboxing 00:07:25
   • Input, Process, And Output Controls 00:09:14
   • Software Development Controls Summary 00:08:16
5. Testing Software
   • Code And Software Testing 00:07:58
   • Web Application Testing 00:09:18
6. Wrap Up
   • Wrap Up 00:05:09