# Domain 8 - Index

Domain 8 covers secure software concepts across the lifecycle—requirements, design, coding, testing, deployment, and maintenance—so you can identify weaknesses and specify the right controls.

## Concepts

1. [[Secure SDLC Models (Waterfall Agile DevSecOps)]]
2. [[Security Requirements Engineering]]
3. [[Threat Modeling for Developers (STRIDE DFD)]]
4. [[Secure Design Principles (Least Privilege Fail Safe Economy of Mechanism)]]
5. [[Secure Architecture Patterns (Layered Microservices Zero Trust)]]
6. [[Privacy by Design and Data Classification in SDLC]]
7. [[Cryptography Fundamentals for Developers]]
8. [[Application Key Management and Secrets Management]]
9. [[Authentication Best Practices (Passwordless MFA OIDC)]]
10. [[Authorization Design (RBAC ABAC Policy Engines)]]
11. [[Web Session Management (Cookies Tokens Timeouts)]]
12. [[Input Validation and Output Encoding]]
13. [[Secure Database Access and SQL Injection Prevention]]
14. [[Web XSS Defenses and Content Security Policy (CSP)]]
15. [[CSRF Defense Patterns]]
16. [[SSRF Prevention and Server-Side Protections]]
17. [[Unsafe Deserialization and Object Injection]]
18. [[File Upload Security and Path Traversal]]
19. [[Secure Error Handling and Logging for Apps]]
20. [[API Security Fundamentals (REST GraphQL gRPC)]]
21. [[Microservices Security (Service Identity mTLS)]]
22. [[Dependency Management SCA and SBOM in SDLC]]
23. [[Build Integrity and Supply Chain Security (Signing Provenance)]]
24. [[CI CD Security (Runners Secrets Artifacts)]]
25. [[Code Review for Security (Peer Review Checklist)]]
26. [[Security Testing Strategy (Unit Integration E2E Fuzz)]]
27. [[Secure HTTP Headers (HSTS Frame Ancestors CORS)]]
28. [[Mobile App Security Basics (iOS Android)]]
29. [[Infrastructure as Code Security in SDLC]]
30. [[Secure Frameworks and Libraries Selection Criteria]]
31. [[ORM Security Patterns and Pitfalls]]
32. [[Memory Safety and Unsafe Language Risks (C C++ vs Memory-Safe)]]
33. [[Secure Serialization Formats (JSON Protobuf) and Schemas]]
34. [[Message Queue Security (Kafka RabbitMQ SQS)]]
35. [[Event-Driven Architecture Security (Idempotency and Ordering)]]
36. [[Feature Flags and Kill Switches Safety]]
37. [[Deployment Strategies Security (Blue-Green Canary)]]
38. [[Rollback and Release Governance]]
39. [[Application Telemetry and Privacy Controls]]
40. [[Serverless Security (Functions-as-a-Service)]]
41. [[Edge and CDN Security (WAF TLS Caching)]]
42. [[Webhook Security and Request Signing]]
43. [[CORS Design Deep Dive and Anti-Patterns]]
44. [[Caching and Cache Poisoning Defenses]]
45. [[JWT Usage and Pitfalls]]
46. [[OAuth Scopes and Consent Governance]]
47. [[Multi-Tenancy and Data Isolation Patterns]]
48. [[Row-Level Security and Attribute-Based Filters]]
49. [[Search and NoSQL Security (Elasticsearch MongoDB)]]
50. [[Message Replay and Idempotency Keys]]
51. [[Rate Limiting and Anti-Automation (Bots)]]
52. [[Regular Expression Safety (ReDoS)]]
53. [[Unicode and Internationalization Security (i18n L10n)]]
54. [[Time Locale and Number Parsing Security]]
55. [[Temporary Files and Safe File Handling]]
56. [[Scheduler and Cron Security for Applications]]
57. [[Secrets in Containers and Environment Variables]]
58. [[Application Configuration Management and Twelve-Factor Security]]
59. [[Cryptographic Agility and Key Rotation in Apps]]

> Also see: [[MOC - CISSP]]