Software Development Security Applied for CISSP
Table of Contents
The scope of application development has increased significantly over the past couple of years. As the application environment has become more and more complex and challenging, the result is going to be a more threat-prone environment where security is considered as the key factor in the successful implementation of an application. Before we discuss it further, if you are pursuing a CISSP Certification, do check out the prep courses offered by the SPOTO.
Applications could have security vulnerabilities that might have been introduced intentionally or unintentionally by the developers. This is why software, as well as hardware controls, are required, although they might not necessarily prevent problems arising out of poor programming. As an integral part of the software development process, security is going to be an ongoing process that would be involving people and practices that collectively ensure the integrity, confidentiality, and reliability of an application.
What Systems Development Controls You Need to Know for the CISSP exam?
Systems development is considered a series of steps for creating, maintaining, or modifying an organization’s information system. System development could be used in different ways like:
- A process or a set of formal activities which would be utilized for developing a new or modifying an existing information system.
- A document that would be specifying a systems development process, known as the systems development standards manual.
- A life cycle showing the evolution as well as maintenance of information systems from start till the implementation as well as its continual usage.
High-Level Overview (SDLC, Models, PERT, Software Testing)
In the past, organizations were mainly focused on creating, releasing, as well as maintaining functional software. But now, as security concerns and associated business risks have been increased eventually, they are paying more attention to the integration of security right into the process of software development.
The Software Development Life Cycle (SDLC) and the CISSP
This is a framework that would be defining the process of building a software program or application from its prototype to the end product. In general, SDLC could be broken down into the following phases:
- Planning and requirement gathering, gathering business requirements.
- Architecture and Design, system and software design are considered to be prepared according to the requirements gathered in the first phase.
- Test Planning, a test strategy that would be determined to decide what to test, and how to test.
- Coding and Implementation, coding is considered to be done by dividing system design into work modules.
- Testing and Deployment, the developed product is going to be tested against the actual requirements to check that it serves the purpose.
- Release and Maintenance, the final product is going to be released and time to time maintenance is done to fix issues that would be arising.
Software Testing and the CISSP
Software testing is considered as a process utilized to discover bugs in software by executing an application or a program. It would be also aiming to verify that the software works as expected as well as meeting the technical as well as business requirements, as planned in the design and development phase. Software testing could be conducted dynamically or statically. In a static test, defects are going to be discovered without executing the code; i.e., source code inspection, through document review, etc.
Storing Data and Information
Storing data and information would securely prevent unauthorized individuals or parties from accessing it and also averting intentional or accidental destruction of the information. When developing software, it is considered to be important to consider where the information accessed by the application which would be read, written, monitored, or shared. The processes that would be utilized for storing, transmitting, modifying, or displaying data and information are assets that need to be secured properly. So, if you wish to go for the CISSP Certification, you could join the SPOTO and enhance your knowledge through their prep courses.