Different: Application Development Security & Software Development Security
busoh.sensen
Member Posts: 13 ■□□□□□□□□□
in SSCP
hi,
i want to ask the different between Application Development Security & Software Development Security.
Application Development Security:
Understand & apply security in the system life cycle
-system development life cycle (sdlc)
-maturity models
-operation & maintenance
-change management
-perform risk analysis
Understand the application environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g, buffer overflow)
-config management
Assess the effectiveness of application security
-certification & reditation
-auditing & logging
-corrective actions
============================================
Software Development Security:
Understand & apply security in the software development lifecycle
-Development life cycle
-maturity models
-operation & maintenance
-change management
Understand the environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g, buffer overflow, escalation of privilege)
-config management
Assess the effectiveness of software security
if we see from his overview just like same at all to me. Is there just simply changing the title or there are also replaced subdomain or anything like that?
I know, this has been discussed in
http://www.techexams.net/forums/isc-sscp-cissp/67388-updated-cissp-exam.html
http://www.techexams.net/forums/isc-sscp-cissp/67811-cissp-sscp-2012-update.html
but I want to know the details for my exam this year.
im affraid if i register for next year, the exam will make a big change the domain Application / Software security all of that & must buy a new book (again) just for one new domain
note: i just read this book:
cissp study guide (sybex 2008, 4th edition)
AIO 5th edition
OIG 2007 (cissp cbk)
CISSP study guide (2010, syngress)
many thx..
i want to ask the different between Application Development Security & Software Development Security.
Application Development Security:
Understand & apply security in the system life cycle
-system development life cycle (sdlc)
-maturity models
-operation & maintenance
-change management
-perform risk analysis
Understand the application environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g, buffer overflow)
-config management
Assess the effectiveness of application security
-certification & reditation
-auditing & logging
-corrective actions
============================================
Software Development Security:
Understand & apply security in the software development lifecycle
-Development life cycle
-maturity models
-operation & maintenance
-change management
Understand the environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g, buffer overflow, escalation of privilege)
-config management
Assess the effectiveness of software security
if we see from his overview just like same at all to me. Is there just simply changing the title or there are also replaced subdomain or anything like that?
I know, this has been discussed in
http://www.techexams.net/forums/isc-sscp-cissp/67388-updated-cissp-exam.html
http://www.techexams.net/forums/isc-sscp-cissp/67811-cissp-sscp-2012-update.html
but I want to know the details for my exam this year.
im affraid if i register for next year, the exam will make a big change the domain Application / Software security all of that & must buy a new book (again) just for one new domain
note: i just read this book:
cissp study guide (sybex 2008, 4th edition)
AIO 5th edition
OIG 2007 (cissp cbk)
CISSP study guide (2010, syngress)
many thx..
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
thanks JDMurray, at least I dont have to buy new books again