Looking for advice on Software Development domain
My background is in network/server/firewall type work, so I'm finding the Software Development domain to be particularly daunting, since almost everything in this domain is foreign to me.
I was hoping those of you who have taken the exam could provide some insight regarding what you'd recommend focusing on, which subjects seem to be most important, how to best approach studying this domain, what helped you the most, etc...
Thanks!
Comments
GeneC Member Posts: 51
Funny I pretty much posted the same thing earlier. I am in the exact same boat as you. For me the toughest domain as well. Looking forward to seeing response.
Gene
jvrlopez Member Posts: 913
This was my weakest domain. I am a network monitoring guy by trade and had no experience in software development.
I'd recommend understanding and memorizing the overall steps of the software development process as well as the various models. Also understand where the most critical aspects of security play during the development process.
And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
JDMurray Admin Posts: 13,101
You need to know how software works before you can understand how to secure it. Only the largest application Security InfoSec books will go over the basic concepts of software design and implementation. Of course, learning to be a programmer from online courses is a good way to go, but that's a lot of work just to learn one of the ten CISSP domains.
I would recommend reading any good explanations of the security used in the Java and .NET application frameworks. That will give coverage of both Web and application security.