Question on Software Development Security for those that have taken CISSP

pcgizzmo Member Posts: 127
This is one of the domains I have the least experience in and I'm having trouble learning because it is really boring to me. Can you elaborate how much of this you felt was on your test and how deep you think one needs to go to be ready to answer the types of questions that are on the test regarding this domain? Thanks.....

Comments

  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,715
    AppSec is probably the most difficult domain in the CISSP CBK for non-software developers to grasp. It's difficult to relate the virtual/theoretical concepts of software engineering to equivalents in the real world (e.g., how an automobile operates, how a house is built, the workflow of project management).

    As to how many AppSec items you will see on your CISSP exam, no one outside of the (ISC)2 exam department really knows. Many exam items may contain information from two or three CBK domains, so counting the actual number of items per domain on any exam is not an easy thing to do. Just to be safe, assume that there are 25 exam items for each of the ten CISSP CBK domains. This makes 225 exam items that count towards the exam score, plus an additional 25 items that are experimental and are not counted.

    Unfortunately, this assumption doesn't get you out of studying the Application Security domain.
  • pcgizzmo Member Posts: 127
    JDMurray wrote: »
    AppSec is probably the most difficult domain in the CISSP CBK for non-software developers to grasp. It's difficult to relate the virtual/theoretical concepts of software engineering to equivalents in the real world (e.g., how an automobile operates, how a house is built, the workflow of project management).

    As to how many AppSec items you will see on your CISSP exam, no one outside of the (ISC)2 exam department really knows. Many exam items may contain information from two or three CBK domains, so counting the actual number of items per domain on any exam is not an easy thing to do. Just to be safe, assume that there are 25 exam items for each of the ten CISSP CBK domains. This makes 225 exam items that count towards the exam score, plus an additional 25 items that are experimental and are not counted.

    Unfortunately, this assumption doesn't get you out of studying the Application Security domain.

    Thanks... I don't really want to get out of studying but I do want to move on to something else and maybe come back to this. I think AppSec is something I'm going to have to absorb a little at a time and hope that I'm able to get enough in over my months of studying to answer whatever questions I have on the test.