Difference: Application Development Security & Software Development Security
busoh.sensen
Member Posts: 13 ■□□□□□□□□□
in SSCP
Hi,
I want to ask about the difference between Application Development Security & Software Development Security.
Application Development Security:
Understand & apply security in the system life cycle
-system development life cycle (sdlc)
-maturity models
-operation & maintenance
-change management
-perform risk analysis
Understand the application environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g., buffer overflow)
-config management
Assess the effectiveness of application security
-certification & accreditation
-auditing & logging
-corrective actions
============================================
Software Development Security:
Understand & apply security in the software development lifecycle
-Development life cycle
-maturity models
-operation & maintenance
-change management
Understand the environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g., buffer overflow, escalation of privilege)
-config management
Assess the effectiveness of software security
Looking at this overview, they seem just the same to me. Is it simply a change of title, or are there also replaced subdomains or anything like that?
I know this has been discussed in
http://www.techexams.net/forums/isc-sscp-cissp/67388-updated-cissp-exam.html
http://www.techexams.net/forums/isc-sscp-cissp/67811-cissp-sscp-2012-update.html
but I want to know the details for my exam this year.
I'm afraid that if I register for next year, the exam will make a big change to the Application / Software security domain and all of that, and I must buy a new book (again) just for one new domain.
Note: I just read these books:
cissp study guide (sybex 2008, 4th edition)
AIO 5th edition
OIG 2007 (cissp cbk)
CISSP study guide (2010, syngress)
Many thanks.
Comments
-
JDMurray Admin Posts: 13,092 Admin
They are the same thing. "Application" was a marketing term popular in the 1990s for differentiating a GUI program (like MS Word) from a command line program. The windows on your GUI desktop are supposed to be the "application" and the operational stuff inside of them you can't see is the "software." Obviously, we're concerned with securing (hardening) all software and not just application software.
-
busoh.sensen Member Posts: 13 ■□□□□□□□□□
Thanks JDMurray, at least I don't have to buy new books again.