CISSP Domain 4: APPLICATIONS & SYSTEMS DEVELOPMENT SECURITY
Overview

Applications and systems development security refers to the controls that are included within systems and applications software and the steps used in their development. Applications refer to agents, applets, software, databases, data warehouses, and knowledge-based systems. These applications may be used in distributed or centralized environments. The candidate should fully understand the security and controls of the systems development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.

Key Areas of Knowledge

§ Application Issues
  § Distributed Environment
    § Agents
    § Applets
    § Active-X
    § Java
    § Objects
  § Local/Non-distributed Environment
    § Viruses
    § Trojan Horses
    § Logic Bombs
    § Worms
§ Databases and Data Warehousing
  § Aggregation
  § Data Mining
  § Inference
  § Polyinstantiation
  § Multi-Level Security
  § Data Base Management System (DBMS) Architecture
§ Data/Information Storage
  § Primary
  § Secondary
  § Real
  § Virtual
  § Random
  § Volatile
  § Sequential
§ Knowledge-based Systems
  § Expert Systems
  § Neural Networks
§ Systems Development Controls
  § System Development Life Cycle
    § Conceptual Definition
    § Functional Requirements Determination
    § Protection Specifications Development
    § Design Review
    § Code Review or Walk-Through
    § System Test Review
    § Certification
    § Accreditation
    § Maintenance
  § Security Control Architecture
    § Process Isolation
    § Hardware Segmentation
    § Separation of Privilege
    § Accountability
    § Layering
    § Abstraction
    § Data Hiding
    § System High
    § Security Kernel
    § Reference Monitor
  § Modes of Operation
    § Supervisor
    § User
  § Integrity Levels
    § Network/System
    § Operating System
    § Database
    § File
  § Service Level Agreement
§ Malicious Code
  § Definitions
  § Jargon
  § Myths/hoaxes
  § The concept of hackers, crackers, phreaks, and virus writers
  § Anti-viral protection
  § Anti-viral software
  § Various types of computer viruses
    § Multi-partite
    § Macro
    § Boot sector infectors
    § Macintosh
    § File infectors
  § Logic bombs
  § Trojan horses
  § Active-X
  § Java
  § Trap doors
§ Methods of attack
  § Brute force or exhaustive attack
  § Denial of service
  § Dictionary attacks
  § Spoofing
  § Pseudo flaw
  § Alteration of authorized code
  § Hidden code
  § Logic bomb
  § Trap door
  § Interrupts
  § Remote maintenance
  § Browsing