Course Overview
The CSSLP course is specifically designed for individuals involved in software development, including software developers, engineers, architects, project managers, and security professionals. It aims to equip participants with advanced skills and knowledge in software security, enabling them to effectively address security challenges throughout the SDLC.
During the CSSLP course, participants delve into the best practices and principles for developing secure software. They learn about secure coding techniques, secure architecture and design, secure testing methodologies, and secure software maintenance strategies. Emphasis is placed on understanding and implementing security controls, risk management, and security awareness within the software development process.
One of the primary goals of the CSSLP course is to teach participants how to integrate security measures seamlessly into every phase of the SDLC. By instilling this security-focused mindset, the course aims to foster a proactive approach to software security, preventing vulnerabilities and mitigating risks before they can be exploited.
Upon successful completion of the CSSLP course, participants can earn the CSSLP certification, which is globally recognized and highly valued in the software development industry. This certification serves as tangible evidence of an individual’s expertise and proficiency in software security. It enhances their professional credibility, opening doors to new career opportunities and potentially leading to higher earning potential.
Training Options
Target audiences
- Application Security Specialist, IT Director/Manager, Penetration Tester, Project Manager, Quality Assurance Tester, Software Procurement Analyst.
Schedule Dates
Information-cyber-security, Isc2
CSSLP – Certified Secure Software Lifecycle Professional
21/08/2023
Information-cyber-security, Isc2
CSSLP – Certified Secure Software Lifecycle Professional
27/11/2023
Information-cyber-security, Isc2
CSSLP – Certified Secure Software Lifecycle Professional
26/02/2024
Information-cyber-security, Isc2
CSSLP – Certified Secure Software Lifecycle Professional
27/05/2024
Curriculum
-
Module 1: Secure Software Concepts
-
Module 2: Secure Software Requirements
- Define Software Security Requirements
- Identify and Analyze Compliance Requirements
- Identify and Analyze Data Classification Requirements
- Identify and Analyze Privacy Requirements
- Develop Misuse and Abuse Cases
- Develop Security Requirement Traceability Matrix (STRM)
- Ensure Security Requirements Flow Down to Suppliers/Providers
-
Module 3: Secure Software Architecture and Design
- Perform Threat Modeling
- Define the Security Architecture
- Performing Secure Interface Design
- Performing Architectural Risk Assessment
- Model (Non-Functional) Security Properties and Constraints
- Model and Classify Data
- Evaluate and Select Reusable Secure Design
- Perform Security Architecture and Design Review
- Define Secure Operational Architecture (e.g., deployment topology, operational interfaces)
- Use Secure Architecture and Design Principles, Patterns, and Tools
-
Module 4: Secure Software Implementation
- Adhere to Relevant Secure Coding Practices (e.g., standards, guidelines and regulations)
- Analyze Code for Security Risks
- Implement Security Controls (e.g., watchdogs, File Integrity Monitoring (FIM), anti- malware)
- Address Security Risks (e.g. remediation, mitigation, transfer, accept)
- Securely Reuse Third-Party Code or Libraries (e.g., Software Composition Analysis (SCA))
- Securely Integrate Components
- Apply Security During the Build Process
-
Module 5: Secure Software Testing
- Develop Security Test Cases
- Develop Security Testing Strategy and Plan
- Verify and Validate Documentation (e.g., installation and setup instructions, error messages, user guides, release notes)
- Identify Undocumented Functionality
- Analyze Security Implications of Test Results (e.g., impact on product management, prioritization, break build criteria)
- Classify and Track Security Errors
- Secure Test Data
- Perform Verification and Validation Testing
-
Module 6: Secure Software Lifecycle Management
- Secure Configuration and Version Control (e.g., hardware, software, documentation, interfaces, patching)
- Define Strategy and Roadmap
- Manage Security Within a Software Development Methodology
- Identify Security Standards and Frameworks
- Define and Develop Security Documentation
- Develop Security Metrics (e.g., defects per line of code, criticality level, average remediation time, complexity)
- Decommission Software
- Report Security Status (e.g., reports, dashboards, feedback loops)
- Incorporate Integrated Risk Management (IRM)
- Promote Security Culture in Software Development
- Implement Continuous Improvement (e.g., retrospective, lessons learned)
-
Module 7: Secure Software Deployment, Operations, Maintenance
- Perform Operational Risk Analysis
- Release Software Securely
- Securely Store and Manage Security Data
- Ensure Secure Installation
- Perform Post-Deployment Security Testing
- Obtain Security Approval to Operate (e.g., risk acceptance, sign-off at appropriate level)
- Perform Information Security Continuous Monitoring (ISCM)
- Support Incident Response
- Perform Patch Management (e.g. secure release, testing)
- Perform Vulnerability Management (e.g., scanning, tracking, triaging)
- Runtime Protection (e.g., Runtime Application Self-Protection (RASP), Web Application Firewall (WAF), Address Space Layout Randomization (ASLR))
- Support Continuity of Operations
- Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA) (e.g., maintenance, performance, availability, qualified personnel)
-
Module 8. Secure Software Supply Chain
- Implement Software Supply
- Analyze Security of Third-Party Software
- Verify Pedigree and Provenance
- Ensure Supplier Security Requirements in the Acquisition Process
- Support contractual requirements (e.g., Intellectual Property (IP) ownership, code escrow, liability, warranty, End-User License Agreement (EULA), Service Level Agreements (SLA))
To take the Certified Secure Software Lifecycle Professional (CSSLP) course, candidates are required to have a minimum of four years of cumulative paid full-time professional experience in at least one of the eight domains covered in the course. Alternatively, candidates can have three years of experience and a bachelor's degree in a related field.
Candidates must also agree to the (ISC)² Code of Ethics and pass the CSSLP exam to become certified.
The key learning objectives of the Certified Secure Software Lifecycle Professional (CSSLP) course are as follows:
Understand the importance of security in the software development life cycle (SDLC).
Learn the fundamental concepts and principles of software security.
Identify and apply software security requirements throughout the SDLC.
Implement secure software design principles and practices.
Apply secure coding practices and techniques.
Develop and apply software testing methodologies for security.
Understand software acceptance and security evaluation criteria.
Implement and maintain secure software operations and maintenance processes.
Understand the importance of secure software supply chain management.
Prepare for the CSSLP certification exam.
After completing the course, learners should have a comprehensive understanding of the best practices and principles for developing and maintaining secure software throughout the software development life cycle.
Understand the importance of security in the software development life cycle (SDLC).
Learn the fundamental concepts and principles of software security.
Identify and apply software security requirements throughout the SDLC.
Implement secure software design principles and practices.
Apply secure coding practices and techniques.
Develop and apply software testing methodologies for security.
Understand software acceptance and security evaluation criteria.
Implement and maintain secure software operations and maintenance processes.
Understand the importance of secure software supply chain management.
Prepare for the CSSLP certification exam.
After completing the course, learners should have a comprehensive understanding of the best practices and principles for developing and maintaining secure software throughout the software development life cycle.
The duration of the course is 5 days. However, candidates should expect to spend additional time outside of the course studying and preparing for the certification exam.
You will be able to develop new skills and knowledge that are relevant to your industry or profession, improve your job performance and productivity, enhance your resume, and make yourself a more competitive candidate for jobs, it will help you stay up-to-date with the latest trends and technologies in your field and provide networking opportunities with other professionals in their industry. The value of a course depends on the specific content and how applicable it is to the learner's career goals and interests.
