LearnKey Training

CISSP Software Development Security 2015 Course

1 Session - 3 Hours of Interactive Training

LearnKey's CISSP Software Development Security 2015 course covers one of the 8 domains making up the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge (CBK). Join LearnKey expert Michael Solomon as he presents information on software development, databases, data storage, and common attacks that must be protected against. At the conclusion of this course, learners will be familiar with the issues and concepts of the Software Development Security knowledge required to pass the CISSP exam.

  • Be up-to-date with training based on the most recent CISSP CBK
  • Interactive labs and dozens of pre/post test questions
  • View your online courseware anytime, anywhere

About The Author
Michael Solomon, CISSP, PMP®, TICSA, is a speaker, consultant and trainer who specializes in project management and database application-level security topics. Since 1987 Solomon has worked on IT projects or instructed for more than 60 organizations including EarthLink, Nike, Lucent Technologies, BellSouth, UPS, Boart Longyear, and the U.S. Coast Guard. Solomon holds an MS in Computer Science from Emory University (1998), and a BS in Computer Science from Kennesaw State University (1987) where he was also an instructor from 1998 - 2001. He has been a contributor to various certification books.

Session 1

Section A: Software Development Security

  • Application Issues
  • Local Environment
  • Malicious Code
  • Distributed Environment
  • Applets, Object-Oriented Programming
  • Systems Development Controls
  • Systems Development Life Cycle
  • Certification, Accreditation
  • Project Management Methodologies

Section B: Database Concepts

  • Databases and Data Warehousing
  • Relational Database Concepts
  • Candidate, Primary, Foreign Key
  • Common Database Methods
  • Data Warehouses and Mining
  • Aggregation
  • Inference, Polyinstantiation
  • Maturity Models
  • Operation and Maintenance
  • Change Management
  • Integrated Product Team

Section C: Security in Development Environments

  • Data/Information Storage
  • Virtual Memory
  • Random Memory
  • Knowledge Systems, Security Controls
  • Separation of Privilege, Accountability
  • Layering, Abstraction, Data Hiding
  • Security Kernel, Reference Monitor
  • Modes of Operation

Section D: Malicious Software

  • Malicious Code
  • Viruses
  • Multipartite, Macro
  • Stealth, Polymorphic, Operating Systems
  • Worms, Trojan Horses
  • Logic Bomb, Trapdoor, Scanning
  • Methods of Attack
  • Denial of Service
  • Distributed Denial of Service
  • Buffer Overflows, Hidden Code
  • Time of Check/Use, Rootkits
  • Code Repositories
  • Application Programming Interfaces

Section E: Software Security

  • Audit and Assurance Mechanisms
  • Risk Analysis and Mitigation
  • Acceptance and Testing
  • Assess Software Acquisition Security