CISSP Study Plan – Day 5 of 55 | SDLC Attacks on Software Security
- Luke Ahmed
- 2 days ago
"You have surrounded yourself with CISSP, and soon success will come running to you."
- Luke Ahmed
Today is Day 5 of Yihenew’s CISSP study plan, continuing with Systems Development Security, but now shifting the focus toward attacks on software security.
Key Areas Covered:
- Injection Attacks — SQL injection, command injection, and input validation weaknesses that let attackers manipulate application behavior
- Buffer Overflows — exploiting poor memory management to execute arbitrary code
- Race Conditions — manipulating timing to access resources in an unsafe sequence
- Cross-Site Scripting (XSS) & Cross-Site Request Forgery (CSRF) — exploiting trust between a user and a web application
- Backdoors & Logic Bombs — malicious code inserted intentionally or hidden in applications, waiting for the right trigger
In this CISSP study plan session, Yihenew reinforced that understanding common software attack vectors is just as important as knowing secure development practices. Recognizing how attackers think helps you design countermeasures early in the lifecycle—closing the door before exploits can even be attempted.
If you’re building your own CISSP preparation plan, these software attack concepts are critical for mastering the Systems Development Security domain and directly tie into Security Engineering and Software Development Security on the exam.
Follow his full journey on TikTok or check out Day 6.