CISSP For Dummies

In This Chapter

• Dealing with distributed environments

• Handling object-oriented environments

• Getting a handle on databases and data warehousing

• Using knowledge-based systems

• Understanding the systems development life cycle

• Using application security controls

• Combating malicious code

• Being aware of system attack methods

• Knowing your enemy

Overview

The Application Security domain introduces many important concepts that overlap with other CBK domains.

You must fully understand the principles of applications, application development, and databases. Applications and data are the foundation of information processing; applications can’t exist apart from application development. Application development is essential for software that’s appropriate, reliable, and secure. After all, if you don’t understand how information systems work, how can you be expected to know how to protect them?

Additionally, the CISSP candidate must understand how malicious code works, how hackers attack systems, and how to stop malicious users. Security professionals should be familiar with these issues so that they can guide application developers to create software that strengthens and defends systems against attacks.