Application Security/CISSP

flatworld Member Posts: 89
Is there a growing trend of Application Security, specifically Change Control methodology/procedures etc. to focus on during studies?
Next up: OSCP

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,709
    It's likely that the release of the CSSLP certification for secure software development has influenced the revision of CISSP exam items for the Application Security CISSP CBK domain. I think it might be useful to have a basic understanding of how CM contributes to the Secure Software Development Life Cycle (SSDLC). In fact, a good understanding of the SSDLC couldn't hurt either.
  • drk1980 Member Posts: 19
    flatworld,
    Yes, change control & patch management are important areas for the exam. Just know the concepts...
  • hustlin_moe20 Member Posts: 225
    drk1980 wrote: »
    flatworld,
    Yes, change control & patch management are important areas for the exam. Just know the concepts...
    I'm going to brush up on these myself. I don't have much time left.
  • flatworld Member Posts: 89
    I had my exam on Sunday. So now the wait begins.
    Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didn't know the answer to the first 30 questions, yet they passed...

    I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSP, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

    I can attest to this...
    Waiting for results...
    Next up: OSCP
  • cabrillo24 Member Posts: 137
    flatworld wrote: »
    I had my exam on Sunday. So now the wait begins.
    Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didn't know the answer to the first 30 questions, yet they passed...

    I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSP, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

    I can attest to this...
    Waiting for results...

    Focusing on the top 5 domains definitely helped me in my studies. I studied every domain, but put a greater emphasis on those 5 domains. You can only study so long for a certification before you absolutely get burned out.
    Next Up...
    CCNA: Security (210-260)
    Date: TBD
  • hustlin_moe20 Member Posts: 225
    flatworld wrote: »
    I had my exam on Sunday. So now the wait begins.
    Two of my coworkers have both said they were positive they failed when they walked out, and one of them said they didn't know the answer to the first 30 questions, yet they passed...

    I was just curious if application security is going to be elevated to one of the more unofficial "important" domains. There's a thread on a competing website forum for CISSP, that lists 5 domains, that their community generally agrees on that CISSP test takers need to focus on, with application security being the "sixth" unofficial domain that is getting more focus as time goes on.

    I can attest to this...
    Waiting for results...
    Anyone care to share what those domains are?
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,709
    The worst thing you can do is believe that you have a better chance of passing by studying well only a few of the domains because most of the exam items will be about them. This isn't true.

    All of the domains are fairly equally weighted on every exam. People tend to remember the items that they have the most trouble on, and don't remember those they answered quickly and easily. This leads people to post comments like, "I had a bunch of questions on crypto and hardly any on risk management!" It's a subjective accounting that's made under duress and can't be taken as accurate.

    Study all the domains and study them well. When you start seriously thinking about shortcuts, then that's an indication you need to rethink your study habits and attitude for approaching the exam.