nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Application Security/CISSP

flatworld

Is there a growing trend of Application Security, specifically Change Control methdology/procedures etc to focus on during studies?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

JDMurray

It's likely that the release of the CSSLP certification for secure software development has influenced the revision of CISSP exam items for the Application Security CISSP CBK domain. I think it might be useful to have a basic understanding of how CM contributes to the Secure Software Development Life Cycle (SSDLC). In fact, a good understanding of the SSDLC couldn't hurt either.

drk1980

flatworld,
Yes change control & patch management are important areas for the exam. Just know the concepts...

hustlin_moe20

drk1980 wrote: »

flatworld,
Yes change control & patch management are important areas for the exam. Just know the concepts...

I'm going to brush up on these myself. I don't have much time left.

flatworld

I had my exam on Sunday. So now the wait begins.
Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didnt know the answer to the first 30 questions, yet they passed..................

I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSp, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

I can attest to this .................................
Waiting for results...

cabrillo24

flatworld wrote: »

I had my exam on Sunday. So now the wait begins.
Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didnt know the answer to the first 30 questions, yet they passed..................

I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSp, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

I can attest to this .................................
Waiting for results...

Focusing on the top 5 domains definitely helped me in my studies. I studied every domain, but put a greater emphasis on those 5 domains. You can only study so long for a certification before you absolutely get burned out.

hustlin_moe20

flatworld wrote: »

I had my exam on Sunday. So now the wait begins.
Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didnt know the answer to the first 30 questions, yet they passed..................

I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSp, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

I can attest to this .................................
Waiting for results...

Anyone care to share what those domains are?

JDMurray

The worst things you can do is believe that you have a better chance of passing by studying well only a few of the domains because most of the exam items will be about them. This isn't true.

All of the domains are fairly equally weighted on every exam. People tend to remember the items that have the most trouble on, and don't remember those they answered quickly and easily. This leads people to post comments like, "I had a bunch of questions on crypto and hardly any on risk management!" It's a subjective accounting that's made under duress and can't be taken as accurate.

Study all the domains and study them well. When you start seriously thinking about short cuts then that's an indication you need to rethink your study habits and attitude for approaching the exam.