Difference: Application Development Security & Software Development Security

busoh.sensen Member Posts: 13
Hi,
I want to ask the difference between Application Development Security & Software Development Security.

Application Development Security:

Understand & apply security in the system life cycle
-system development life cycle (sdlc)
-maturity models
-operation & maintenance
-change management
-perform risk analysis

Understand the application environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g., buffer overflow)
-config management

Assess the effectiveness of application security
-certification & accreditation
-auditing & logging
-corrective actions

============================================

Software Development Security:

Understand & apply security in the software development lifecycle
-Development life cycle
-maturity models
-operation & maintenance
-change management

Understand the environment & security controls
-security of the app. environment
-security issues of programming languages
-security issues in source code (e.g., buffer overflow, escalation of privilege)
-config management

Assess the effectiveness of software security

If we look at this overview, it looks just the same to me. Is it simply a change of title, or are there also replaced subdomains or anything like that?
I know this has been discussed in

http://www.techexams.net/forums/isc-sscp-cissp/67388-updated-cissp-exam.html
http://www.techexams.net/forums/isc-sscp-cissp/67811-cissp-sscp-2012-update.html

but I want to know the details for my exam this year.
I'm afraid that if I register for next year, the exam will make a big change to the Application / Software security domain and all of that, and I must buy a new book (again) just for one new domain.

Note: I just read these books:
cissp study guide (sybex 2008, 4th edition)
AIO 5th edition
OIG 2007 (cissp cbk)
CISSP study guide (2010, syngress)


many thx..

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,725
    They are the same thing. "Application" was a marketing term popular in the 1990s for differentiating a GUI program (like MS Word) from a command line program. The windows on your GUI desktop are supposed to be the "application" and the operational stuff inside of them you can't see is the "software." Obviously, we're concerned with securing (hardening) all software and not just application software.
  • busoh.sensen Member Posts: 13
    JDMurray wrote:
    They are the same thing. "Application" was a marketing term popular in the 1990s for differentiating a GUI program (like MS Word) from a command line program. The windows on your GUI desktop are supposed to be the "application" and the operational stuff inside of them you can't see is the "software." Obviously, we're concerned with securing (hardening) all software and not just application software.

    Thanks JDMurray, at least I don't have to buy new books again.