Certified Secure Software Lifecycle Professional (CSSLP)

Enhance your software development skills to book your spot in the top management positions.

(CSSLP.AO2) / ISBN : 978-1-64459-454-4

About This Course

Data is the new oil, which is why protecting your software isn't just a task, it's a necessity now! So join our CSSLP certification course to learn, strategize, and apply safety provisions. It provides hands-on training with tools built to tackle security challenges presented at every step of the software development cycle (SDLC).

Gain the skills to protect your software from possible risks and errors. Warm up, plan, design, and maintain secure coding practices using our interactive labs, and gamify your learning with 447+ assessment exercises to ace your CSSLP exam.

By the end of this practice course, you'll be ready to pour developed insights into SDLC. 

It's time to scale up your professional journey to ‘safe’ heights. 

Skills You’ll Get

  • Implement safe coding practices in the various stages of SDLC. 
  • Adapt preventive measures like threat modeling to build secure software architecture. 
  • Gain tools to develop secure software design and applications. 
  • Prevent General Programming and other failures with secure coding practices. 
  • Classify CWE/SANS and OWASP Vulnerability Categories to avoid security risks. 
  • Develop a keen understanding of countermeasures to avoid losses to organizations caused by security breaches. 
  • Implement security controls with techniques such as the Build environment, Anti-tampering, and Defensive Coding. 
  • Become a risk management business partner.

 

1

Introduction

  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course
  • The Examination
  • Exam Objective Map
  • CSSLP Version 3 (2020)
2

Core Concepts

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Accountability (Auditing and Logging)
  • Nonrepudiation
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Lesson Review
3

Security Design Principles

  • System Tenets
  • Secure Design Tenets
  • Security Models
  • Adversaries
  • Lesson Review
4

Define Software Security Requirements

  • Functional Requirements
  • Operational and Deployment Requirements
  • Connecting the Dots
  • Lesson Review
5

Identify and Analyze Compliance Requirements

  • Regulations and Compliance
  • Data Classification
  • Privacy
  • Lesson Review
6

Misuse and Abuse Cases

  • Misuse/Abuse Cases
  • Requirements Traceability Matrix
  • Software Acquisition
  • Lesson Review
7

Secure Software Architecture

  • Perform Threat Modeling
  • Define the Security Architecture
  • Lesson Review
8

Secure Software Design

  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Nonfunctional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools
  • Lesson Review
9

Secure Coding Practices

  • Declarative vs. Imperative Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Secure Design Principles
  • Interconnectivity
  • Cryptographic Failures
  • Input Validation Failures
  • General Programming Failures
  • Technology Solutions
  • Lesson Review
10

Analyze Code for Security Risks

  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Code Review Objectives
  • Additional Sources of Vulnerability Information
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Lesson Review
11

Implement Security Controls

  • Security Risks
  • Implement Security Controls
  • Applying Security via the Build Environment
  • Anti-tampering Techniques
  • Defensive Coding Techniques
  • Primary Mitigations
  • Secure Integration of Components
  • Lesson Review
12

Security Test Cases

  • Security Test Cases
  • Attack Surface Evaluation
  • Penetration Testing
  • Common Methods
  • Lesson Review
13

Security Testing Strategy and Plan

  • Develop a Security Testing Strategy and a Plan
  • Functional Security Testing
  • Nonfunctional Security Testing
  • Testing Techniques
  • Environment
  • Standards
  • Crowd Sourcing
  • Lesson Review
14

Software Testing and Acceptance

  • Perform Verification and Validation Testing
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
  • Lesson Review
15

Secure Configuration and Version Control

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Lesson Review
16

Software Risk Management

  • Incorporate Integrated Risk Management
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement
  • Lesson Review
17

Secure Software Deployment

  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Lesson Review
18

Secure Software Operations and Maintenance

  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring
  • Support Incident Response
  • Perform Patch Management
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives and Service Level Agreements
  • Lesson Review
19

Software Supply Chain Risk Management

  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Lesson Review
20

Supplier Security Requirements

  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support Contractual Requirements
  • Lesson Review

Any questions?
Check out the FAQs

Still have queries about CSSLP exam preparation? Don't worry, we’ve got solutions!


CSSLP (Certified Secure Software Lifecycle Professional) is an advanced-level certification pursued by software professionals working on the SDLC for career advancement and high-paying roles in cybersecurity.

To become a certified secure software lifecycle professional, you must fulfill one of the following criteria: 

  • 4 years of paid/full-time (including part-time work & internships) security experience in one or more domains covered in the CSSLP exam. 
  • Bachelor's/Master's in computer science, information technology (IT), and other related fields with 3 years of paid/full-time relevant experience in secure programming.

The CSSLP training course is ideal for: 

  • Candidates appearing for the CSSLP certification exam. 
  • Software architects, engineers, and developers. 
  • Cybersecurity professionals looking for career advancement.

Yes, our prep course gives you an edge with interesting practice modules to ace your certification exam, which can lead to exciting job opportunities such as:

  • Security Architect 
  • Penetration tester 
  • Compliance officer 
  • Risk manager 

Both certifications are popular among software professionals. 

  • CSSLP takes cybersecurity a step further with special emphasis on the security of the software development cycle (SDLC).
  • CISSP (Certified Information Systems Security Professional) certification is given to individuals who create, execute, and manage cybersecurity programs.

Both of these certifications remain widely popular in the field of software development and can accelerate your career growth at an exponential rate.

CSSLP invites exciting packages; on average, a certificate holder can expect a salary of $115.803 annually in several parts of the world.

The participants have to attempt 125 multiple-choice questions in 3 hours in the CSSLP exam. The passing marks for this examination are 700 out of 1000 points.
