Security+: Secure Application Development and Deployment Concepts

Background

Currently, the CompTIA Security+ Exam has two active versions: SY0-401 and SY0-501. The SY0-501 version was launched on October 4, 2017, and is the most recent version of the exam. As of May 25, it is the only recognized version of the exam going forward.

Secure Application Development and Deployment is one of the subdomains covered under Domain 3 (Architecture and Design) of the Security+ Exam. Of the exam’s 90 questions, 15% (13.5 on average) are targeted at this domain. The domain has 9 subdomains, meaning that each concept should feature in one or two questions on average.

The rest of this article is dedicated to describing the content of the Secure Application Development and Deployment subdomain. The subdomain includes seven major concepts, some of which have specific subpoints.

What’s Covered

The Secure Application Development and Deployment section of the Security+ Exam includes several topics, some of which are divided further into subtopics. Here, we’ll provide a brief introduction to the concepts covered by this section of the Security+ exam.

Development Life-Cycle Models

The first concept covered within the Secure Application Development and Deployment section is development life-cycle models. The focus of this concept is comparing the Waterfall and Agile models for the software development life-cycle.

Secure DevOps

DevOps is a development philosophy that attempts to cut out unnecessary overhead in order to allow software to be developed more quickly and efficiently. The Security+ exam covers several topics related to the security and logistics of DevOps.

Human beings are very slow compared to computers, which is a weakness when dealing with potential cyber threats. Security Automation involves automating tasks commonly performed by security analysts to reduce their workload (freeing them up to handle tasks that cannot be automated) and improve response time.

Continuous Integration is a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/M8xqIvfqdac/