Software Development — CISSP Practice Questions

Software development, as tested on the CISSP exam, encompasses the processes, methodologies, languages, and security practices used to create and maintain applications. Domain 8 evaluates whether candidates understand common development vulnerabilities such as injection flaws, improper input validation, and insecure deserialization, and the controls that prevent them. Candidates must also know the difference between source code review, static analysis, and dynamic testing, and when each is appropriate. The domain further covers acquired software security, including evaluating third-party libraries and commercial off-the-shelf products for risk.

Free questions on software development

Which software development methodology integrates security testing throughout the development lifecycle rather than only at the end?