CSSLP: Certified Secure Software Lifecycle Professional


Duration: 5 days
CPE Credits: 35
Course Number: SEC-317
CSSLP Training: (ISC)² LOGO - Intrinsec

This authorized CSSLP training seminar is a five day, 35 CPE course offered to you by Intrinsec Security – an official training partner of (ISC)².

CSSLP Training Information

Led by an (ISC)² authorized instructor, the following course is an official (ISC)² training seminar for the Certified Secure Software Lifecycle Professional (CSSLP) certification, which confirms that a software professional has the expertise to incorporate security practices into each phase of the SDLC, from software design and implementation to testing and deployment.

The training and provided course material for this official (ISC)² training seminar will teach students how to build secure software. Additionally, this course will also help students successfully prepare for the CSSLP exam as it provides a comprehensive review of the eight domains for the CSSLP Common Body of Knowledge (CBK).

Aside from a reserved seat in an upcoming CSSLP training seminar, the resources provided to students include (ISC)²’s official courseware and “Study tools”, which include the CSSLP flashcards and student handbook. When you combine (ISC)²’s instructor-led training with the provided course material, this CSSLP training seminar is a great resource for those interested in passing the CSSLP exam or reviewing/refreshing their application security knowledge.

What Comes With This Course

  • Five Days of Official CSSLP Training from an Authorized (ISC)² Instructor
  • Official (ISC)² CSSLP Training Courseware
  • Official (ISC)² CSSLP Training Student Handbook
  • Official (ISC)² CSSLP Training Flashcards
  • Practical Experience with Realistic Scenario Based Learning Activities
  • 60 Days of OnDemand Access to the Recordings of your CSSLP Session (Video & Audio)

*CSSLP Exam Voucher Available for Additional Cost ($549 USD)*



What You Will Learn

This official CSSLP training seminar is based on the eight CSSLP domains of the (ISC)² Common Body of Knowledge (CBK), ensuring students successfully prepare for the CSSLP exam and enhancing their overall competencies in secure software development.

Domain 1: Secure Software Concepts

Domain 1: Secure Software Concepts

The first domain of our CSSLP course covers the mechanisms that permit managers of a software system to exercise a directing or restraining influence over the behavior, use, and content of the system. These concepts permit management to specify what users can do, which resources managers can access, and what operations they can perform on a system.

Student Learning Objectives
  • Core Concepts
  • Security Design Principles
  • Privacy
  • Governance, Risk and Compliance (GRC)
  • Software Development Methodologies
Domain 2: Secure Software Requirements

Domain 2: Secure Software Requirements

The Secure Software Requirements domain covers the controls used during the requirements phase of the Software Development Lifecycle to integrate security into the software development process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.

Student Learning Objectives
  • Policy Decomposition
  • Data Classification and Categorization
  • Functional Requirements
  • Operational Requirements
Domain 3: Secure Software Design

Domain 3: Secure Software Design

This domain, Secure Software Design, addresses the definition of the overall structure of the software from a security perspective, documenting the elements of the software attack surface, conducting threat modeling, and defining and specific security criteria that must be met before the software is released.

Student Learning Objectives
  • Design Processes
  • Design Considerations
  • Securing Commonly Used Architecture
  • Technologies
Domain 4: Secure Software Implementation/Coding

Domain 4: Secure Software Implementation/Coding

The Secure Software Implementation/Coding domain involves the application of coding and testing standards, applying security testing tools including “fuzzing”, static-analysis code scanning tools, and conducting code reviews.

Student Learning Objectives
  • Declarative Versus Imperative
  • Vulnerability Databases
  • Defensive Coding Practices and Controls
  • Source Code and Versioning
  • Development and Build Environment
  • Code/Peer Review
  • Code Analysis
  • Anti-Tampering Techniques
Domain 5: Secure Software Testing

Domain 5: Secure Software Testing

The Secure Software Testing domain refers to the phase in the secure software development lifecycle where the software is functionally complete and ready to enter user beta testing. The goal of Secure Software Testing phase is to determine if the final software meets the requirements.

Student Learning Objectives
  • Testing Artifacts
  • Testing for Security and quality Assurance
  • Types of Testing
  • Impact Assessment and Corrective Action
  • Test Data Lifecycle Management
Domain 6: Software Acceptance

Domain 6: Software Acceptance

The Software Acceptance domain covers the content in determining if the software is ready to deliver to customers from a security viewpoint. The domain provides an overall picture of the security posture of the software and the likelihood that it will be able to withstand attack after the software has been released to customers.

Student Learning Objectives
  • Pre-Release and Pre-Deployment
  • Post-Release
Domain 7: Deployment, Operations, Maintenance and Disposal

Domain 7: Software Deployment, Operations, Maintenance and Disposal

The Software Deployment, Operations, Maintenance and Disposal domain deals with the vulnerabilities that have not been eliminated from the software as shipped as well as new attacks that would be discovered after the software has been shipped, and when software that was “secure” would be found to be vulnerable. The objective in this domain is to learn from errors and to use the information provided in vulnerability reports to help detect and eliminate further vulnerabilities before they are discovered in the field and used to put customers at risk. The problem management process also helps the product team and the security team adapt processes so that similar errors are not introduced in the future.

Student Learning Objectives
  • Installation and Deployment
  • Operations and Maintenance
  • Software Disposal
Domain 8: Supply Chain and Software Acquisition

Domain 8: Supply Chain and Software Acquisition

The last domain in this course, Supply Chain and Software Acquisition, provides a holistic outline of the knowledge and tasks required by a CSSLP candidate in managing risk for outsourced development, acquisition, and procurement of software and related services (e.g. Cloud Computing, Mobile Application development). This domain defines the expectations of an organization when acquiring software such that it can be assured that a product will not act maliciously, whether intended or not, nor disrupt its business and result in negative financial impact.

Student Learning Objectives
  • Supplier Risk Assessment
  • Supplier Sourcing
  • Software Development and Test
  • Software Delivery, Operations and Maintenance
  • Supplier Transitioning

This CSSLP Training Program Is Brought To You By:



Two Things You Should Know About Intrinsec


With the YOU PASS WE PAY promo, you’re eligible to receive $300 if you pass the CSSLP exam within 90 days of completing this course!

*See terms & conditions for details.


Our PRICE MATCH GUARANTEE is simple – not only do you get the most effective training available, but you also pay the best price!


Why Yes, We Do Provide Group Training!

We have multiple options for you to lower costs and get more of your people trained.


Jan 15 - 19, 2018 9:00am - 5:00pm EST Toronto, ON USD $3,345.00
Jan 15 - 19, 2018 9:00am - 5:00pm EST Live Online USD $3,345.00

Request Group Training