(ISC)2 CSSLP | Certified Secure Software Lifecycle Professional
CSSLP Training Information
Led by an (ISC)2 authorized instructor, the following course is an official (ISC)2 training seminar for the Certified Secure Software Lifecycle Professional (CSSLP) certification, which confirms that a software professional has the expertise to incorporate security practices into each phase of the SDLC, from software design and implementation to testing and deployment.
The training and provided course material for this official (ISC)2 training seminar will teach students how to build secure software. This course will also help students successfully prepare for the CSSLP exam, as it provides a comprehensive review of the eight domains of the CSSLP Common Body of Knowledge (CBK).
Aside from a reserved seat in an upcoming CSSLP training seminar, the resources provided to students include (ISC)2’s official courseware and study tools, which include the CSSLP flashcards and student handbook. When you combine (ISC)2’s instructor-led training with the provided course material, this CSSLP training seminar is a great resource for those interested in passing the CSSLP exam or reviewing/refreshing their application security knowledge.
Your Registration Includes
- 5 Days of CSSLP Training from an Authorized (ISC)2 Instructor
- Official (ISC)2 CSSLP Training Courseware
- Official (ISC)2 CSSLP Student Guide
- 60 Days of OnDemand Access to the Recordings of your CSSLP Session (Video & Audio)
  - NOTE: for Live Online training events only.
*A CSSLP certification exam voucher is available for an additional fee ($549 USD)
What You Will Learn
This (ISC)2 authorized CSSLP training seminar is based on the eight CSSLP domains of the (ISC)2 Common Body of Knowledge (CBK), ensuring students successfully prepare for the CSSLP exam and enhancing their overall competencies in secure software development.
- Domain 1: Secure Software Concepts
- Domain 2: Secure Software Requirements
- Domain 3: Secure Software Architecture and Design
- Domain 4: Secure Software Implementation
- Domain 5: Secure Software Testing
- Domain 6: Secure Software Lifecycle Management
- Domain 7: Secure Software Deployment, Operations, and Maintenance
- Domain 8: Secure Software Supply Chain
Domain 1: Secure Software Concepts
- Core Concepts
- Security Design Principles
Domain 2: Secure Software Requirements
- Define Software Security Requirements
- Identify and Analyze Compliance Requirements
- Identify and Analyze Data Classification Requirements
- Identify and Analyze Privacy Requirements
- Develop Misuse and Abuse Cases
- Develop Security Requirement Traceability Matrix (SRTM)
- Ensure Security Requirements Flow Down to Suppliers/Providers
Domain 3: Secure Software Architecture and Design
- Perform Threat Modeling
- Define the Security Architecture
- Performing Secure Interface Design
- Performing Architectural Risk Assessment
- Model (Non-Functional) Security Properties and Constraints
- Model and Classify Data
- Evaluate and Select Reusable Secure Design
- Perform Security Architecture and Design Review
- Define Secure Operational Architecture
- Use Secure Architecture and Design Principles, Patterns, and Tools
Domain 4: Secure Software Implementation
- Adhere to Relevant Secure Coding Practices
- Analyze Code for Security Risks
- Implement Security Controls
- Address Security Risks
- Securely Reuse Third-Party Code or Libraries
- Securely Integrate Components
- Apply Security During the Build Process
Domain 5: Secure Software Testing
- Develop Security Test Cases
- Develop Security Testing Strategy and Plan
- Verify and Validate Documentation
- Identify Undocumented Functionality
- Analyze Security Implications of Test Results
- Classify and Track Security Errors
- Secure Test Data
- Perform Verification and Validation Testing
Domain 6: Secure Software Lifecycle Management
- Secure Configuration and Version Control
- Define Strategy and Roadmap
- Manage Security Within a Software Development Methodology
- Identify Security Standards and Frameworks
- Define and Develop Security Documentation
- Develop Security Metrics
- Decommission Software
- Report Security Status
- Incorporate Integrated Risk Management (IRM)
- Promote Security Culture in Software Development
Domain 7: Secure Software Deployment, Operations, and Maintenance
- Perform Operational Risk Analysis
- Release Software Securely
- Securely Store and Manage Security Data
- Ensure Secure Installation
- Perform Post-Deployment Security Testing
- Obtain Security Approval to Operate
- Perform Information Security Continuous Monitoring (ISCM)
- Support Incident Response
- Perform Patch Management
- Perform Vulnerability Management
- Runtime Protection
- Support Continuity of Operations
- Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA)
Domain 8: Secure Software Supply Chain
- Implement Software Supply Chain Risk Management
- Analyze Security of Third-Party Software
- Verify Pedigree and Provenance
- Ensure Supplier Security Requirements in the Acquisition Process
- Support Contractual Requirements
The intended audience for the CSSLP training program is professionals who are involved in any phase of the software development lifecycle and those who are responsible for application security practices. Typically speaking, CSSLP is ideal for those working in roles such as, but not limited to:
- Software Architect
- Software Engineer
- Software Developer
- Application Security Specialist
- Software Program Manager
- Quality Assurance Tester
- Penetration Tester
- Software Procurement Analyst
- Project Manager
- Security Manager
- IT Director/Manager
Frequently Asked CSSLP Questions
What do I need to get my CSSLP certification?
To qualify for your CSSLP certification, you will need a minimum of four years of cumulative paid work as a development lifecycle professional, with at least one year in one or more of the eight domains covered in the CSSLP Common Body of Knowledge (CBK).
What if I don’t yet have that experience?
Not to worry! If you don’t yet have that work experience, you may become an Associate of (ISC)2 by passing the CSSLP exam. From there, you can work towards accumulating work experience to get your full-fledged CSSLP certification!
What counts towards paid work experience?
Paid work experience can come from full-time work, part-time work or even internships (internships can be paid or unpaid). Each of these categories is defined as follows:
- Full-Time Experience: A minimum of 35 hours/week. This experience is accrued monthly, meaning 4 weeks of 35 hours or more equals one month of experience.
- Part-Time Experience: Between 20 and 34 hours/week, with the hours logged converting to full-time experience as follows:
  - 1040 hours of part-time = 6 months of full-time experience
  - 2080 hours of part-time = 12 months of full-time experience
- Internships: Internship experience can be paid or unpaid to qualify. Documentation on company/organization letterhead confirming your position is required.
Is there anything else I need to get my CSSLP certification?
The last step to getting CSSLP certified is to get endorsed by others. This simply ensures that your claimed professional experience is true and that you are in good standing in the cybersecurity industry.
Have more questions? Read our Frequently Asked Questions page or simply send your questions to us directly via our Contact Us page or our Live Chat and we will be more than happy to assist with any and all questions!