Security doesn't start after you ship. CISSP Domain 8 Part 1.

Covered:
- SDLC phases and which security activities belong in each
- Requirements phase: security requirements, data classification, compliance scope
- Design phase: threat modeling (STRIDE), trust boundaries, crypto decisions
- Implementation: secure coding, SAST, code reviews
- Testing: DAST, penetration testing, acceptance testing
- Deployment: secure baseline, pipeline security
- Disposal: data sanitization, decommission
- Waterfall vs. Agile security integration
- DevSecOps and shift-left security philosophy
- Development models: Spiral, RAD, SCRUM, XP
- Third-party risks: Log4Shell, SolarWinds, and SBOM
- Secure design: fail-secure, input validation, least privilege, session management

Straight to the point. No fluff. Part of the Professor Erica CISSP Series -- 43 videos.

This is Professor Erica, signing off.