
Conrad Eric - CISSP Study Guide

Year: 2015, publisher: Elsevier Science, genre: Computer.

CISSP Study Guide
Third Edition
Eric Conrad
Seth Misenar
Joshua Feldman
Technical Editor
Bryan Simon
Table of Contents
Copyright

Acquiring Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Project Manager: Priya Kumaraguruparan

Designer: Mark Rogers

Syngress is an imprint of Elsevier

225 Wyman Street, Waltham, MA 02451, USA

Copyright 2016, 2012, 2011 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

ISBN: 978-0-12-802437-9

For information on all Syngress publications visit our website at store.elsevier.com/Syngress


Chapter 9
Domain 8: Software Development Security (Understanding, Applying, and Enforcing Software Security)
Abstract

Chapter 9 introduces Domain 8 of the CISSP, Software Development Security. The most important aspects of this domain are related to managing the development of software and applications. Approaches to software development that attempt to reduce the likelihood of defects or flaws are a key topic in this domain. In particular, the Waterfall, Spiral, and Rapid Application Development (RAD) models of software development are considered. Another significant portion of this chapter is dedicated to understanding the principles of Object-Oriented programming and design. A basic discussion of several types of software vulnerabilities, and of the issues surrounding disclosure of those vulnerabilities, is also a topic for this domain. Finally, databases, being a key component of many applications, are considered.

Keywords
Extreme Programming
Object
Object-Oriented Programming
Procedural languages
Spiral Model
Systems Development Life Cycle
Waterfall Model

Exam objectives in this chapter

Programming Concepts
Application Development Methods
Databases
Object-Oriented Design and Programming
Assessing the Effectiveness of Software Security
Artificial Intelligence
Unique Terms and Definitions
Extreme Programming (XP): an Agile development method that uses pairs of programmers who work off a detailed specification
Object: a black box that combines code and data, and sends and receives messages
Object-Oriented Programming: changes the older procedural programming methodology, and treats a program as a series of connected objects that communicate via messages
Procedural languages: programming languages that use subroutines, procedures and functions
Spiral Model: a software development model designed to control risk
Systems Development Life Cycle: a development model that focuses on security in every phase
Waterfall Model: an application development model that uses rigid phases; when one phase ends, the next begins
Introduction
Software is everywhere: not only in our computers, but also in our houses, our cars, and our medical devices, and all software programmers make mistakes. As software has grown in complexity, the number of mistakes has grown along with it. We will learn in this chapter that programmers may make 15-50 mistakes per thousand lines of code, but following a programming maturity framework such as the Capability Maturity Model (CMM) can lower that number to 1 mistake per thousand. That sounds encouraging, but remember that the Microsoft Vista operating system has 50 million (50,000,000) lines of code. Newer OSs such as Windows 10 likely have more.
As our software has grown in complexity, the potential impact of a software crash has also grown. Many cars are now connected to the Internet and use fly by wire (software) to control the vehicle: in that case, the gearshift is no longer directly mechanically connected to the transmission; instead, it serves as an electronic input device, like a keyboard. What if a software crash interrupts I/O? What if someone remotely hacks into the car and takes control of it, as demonstrated by Charlie Miller and Chris Valasek?
Developing software that is robust and secure is critical: this chapter will show how to do that. We will cover programming fundamentals such as compiled versus interpreted languages, as well as procedural and object-oriented programming languages. We will discuss application development models such as the Waterfall Model, Spiral Model, Extreme Programming (XP), and others. We will also discuss newer concepts such as DevOps, added in the 2015 exam update. We will describe common software vulnerabilities, ways to test for them, and maturity frameworks to assess the maturity of the programming process and provide ways to improve it.
Programming Concepts
Let us begin by understanding some cornerstone programming concepts. As computers have become more powerful and ubiquitous, the processes and methods used to create computer software have grown and changed. Keep in mind that one method is not necessarily better than another: as we will see in the next section, high-level languages such as C allow a programmer to write code more quickly than a low-level language such as assembly, but code written in assembly can be far more efficient. Which is better depends on the needs of the project.