Looking for advice on Software Development domain

My background is in network/server/firewall type work, so I'm finding the Software Development domain to be particularly daunting, since almost everything in this domain is foreign to me.

I was hoping those of you who have taken the exam could provide some insight regarding what you'd recommend focusing on, which subjects seem to be most important, how to best approach studying this domain, what helped you the most, etc...

Thanks!

Find more posts tagged with

Comments

GeneC

Funny I pretty much posted the same thing earlier. I am in the exact same boat as you. For me the toughest domain as well. Looking forward to seeing response.

Gene

billyr2009

Add me to this list too friends! Its one of my weakest domains

jvrlopez

This was my weakest domain. I am a network monitoring guy by trade and had no experience in software development.

I'd recommend understanding and memorizing the overall steps of the software development process as well as the various models. Also understand where the most critical aspects of security play during the development process.

JDMurray

You need to know how software works before you can understand how to secure it. Only the largest application Security InfoSec books will go over the basic concepts of software design and implementation. Of course, learning to be a programmer from online courses is a good way to go, but that's a lot of work just to learn one of the ten CISSP domains.

I would recommend reading any good explanations of the security used in the Java and .NET application frameworks. That will give coverage of both Web and application security.