Domains of CISSP: Application Development Security
Overview
Application security refers to the controls built into systems and application software and to the steps used in their development. "Applications" here covers agents, applets, software, databases, data warehouses, and knowledge-based systems, whether deployed in distributed or centralized environments.
The candidate should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.
Key Areas of Knowledge
- Understand and apply security in the system life cycle
  - Systems Development Life Cycle (SDLC)
  - Maturity models
  - Operation and maintenance
  - Change management
  - Perform risk analysis
- Understand the application environment and security controls
  - Security of the application environment
  - Security issues of programming languages
  - Security issues in source code (e.g., buffer overflow)
  - Configuration management
- Assess the effectiveness of application security
  - Certification and accreditation
  - Auditing and logging
  - Corrective actions
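The buffer overflow named above is the classic source-code issue in this domain. The following C program is an added example, not part of the CISSP outline or any referenced material: the `struct account` layout, the `set_name_*` functions and the attacker string are all constructed for illustration. It puts an unbounded `strcpy` next to a bounded copy that refuses over-length input, so the reader can see how a 16-byte name field followed by a privilege flag is overwritten by one call and protected by the other.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (assumption for the example): a fixed-size
 * name buffer immediately followed by a privilege flag. Writing past the
 * end of `name` lands on `is_admin`. */
struct account {
    char name[16];
    int  is_admin;
};

/* Vulnerable: strcpy copies until it finds the source NUL and has no idea
 * how large the destination is. Any source of 16 or more characters
 * overruns `name`; with a long enough source it also rewrites is_admin. */
void set_name_unsafe(struct account *acct, const char *src)
{
    strcpy(acct->name, src);
}

/* Hardened: bound the length check to the buffer capacity, require room
 * for the terminating NUL, always leave the field NUL-terminated, and
 * report rejection instead of silently truncating. Returns true on
 * success, false if `src` does not fit. */
bool set_name_safe(struct account *acct, const char *src)
{
    size_t cap = sizeof acct->name;
    /* memchr stops at the first NUL or after cap bytes; it never reads
     * beyond cap bytes of src, unlike strlen on untrusted input. */
    const char *nul = memchr(src, '\0', cap);
    if (nul == NULL) {                 /* 16+ chars: no room for the NUL */
        acct->name[0] = '\0';
        return false;
    }
    size_t n = (size_t)(nul - src);    /* n < cap, so n + 1 <= cap */
    memcpy(acct->name, src, n + 1);    /* copies the NUL too */
    return true;
}

/* Helper for checking behaviour: apply set_name_safe to a fresh account
 * and return 1 only if the name was accepted and is_admin is untouched. */
int safe_copy_accepts(const char *src)
{
    struct account acct;
    memset(&acct, 0, sizeof acct);
    bool ok = set_name_safe(&acct, src);
    return ok && acct.is_admin == 0 && strcmp(acct.name, src) == 0;
}

int main(void)
{
    /* Constructed attacker input: 20 'A's. The first 16 fill `name`,
     * the rest spill into `is_admin`. */
    const char *attack = "AAAAAAAAAAAAAAAAAAAA";

    struct account a;
    memset(&a, 0, sizeof a);
    set_name_unsafe(&a, attack);   /* undefined behaviour: the overflow */
    printf("unsafe: is_admin = %d (nonzero means the flag was clobbered)\n",
           a.is_admin);

    struct account b;
    memset(&b, 0, sizeof b);
    bool ok = set_name_safe(&b, attack);
    printf("safe:   accepted=%d is_admin=%d name=\"%s\"\n",
           ok, b.is_admin, b.name);
    ok = set_name_safe(&b, "alice");
    printf("safe:   accepted=%d is_admin=%d name=\"%s\"\n",
           ok, b.is_admin, b.name);
    return 0;
}
```

The unsafe call in `main` is genuine undefined behaviour: the value printed for `is_admin` depends on the compiler and platform, and a build with stack protection or fortified string functions may abort or detect it instead of printing a clobbered flag. That variability is itself the lesson: the safe variant gives a deterministic answer (`accepted=0`, flag unchanged) regardless of how the toolchain happens to lay out the struct.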