Become a CSSLP – Certified Secure Software Lifecycle Professional

Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).

CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey.

Course Outline

Overview 

• Pre Requirements 
• What is a CSSLP 
• Why becoming a CSSLP Matters 
• Exam Overview 
• CSSLP Exam Pre Requirements 

1 Secure Software Concepts

1.1   Core Concepts 

•  Confidentiality, integrity and Availability (CIA) 
•  Authentication, Authorization and Accountability 
•  Nonrepudiation and Digital Signatures 

1.2   Security Design Principles 

•  Least privilege 
•  Separation of duties 
•  Defense in Depth 
•  Whiteboard- Defense in Depth 
•  Fail Safe 
•  Economy of mechanism 
•  Complete mediation 
•  Open Design 
•  Least common mechanism 
•  Whiteboard - Least Common 
•  Psychological acceptability 
•  Leveraging existing components 
•  Eliminate single point of failure 
•  Demo -Hashing 
•  Test Tips 
•  Section Review Questions 

 2. Secure Software Requirements 

 2.1 Identify Security Requirements 

•  Functional and Non Functional Requirements 
•  Terminology to know 
•  Whitboard - Attacks part 1 
•  Terminology to know part 2 
•  Cert and Owasp Secure Coding Standards
•  Terminology to know part 3 
•  Legal, regulatory, and industry requirements
•  Policy Decomp 
•  Terminology to know- Legal
•  Privacy Concerns 
•  Control Basics 

2.2 Interpret Data Classification Requirements 

• Data Classification overview- Ownership, Labeling, Data Types, Data Lifecycle 

2.3 Identify Privacy Requirements

• Data anonymization, user consent and Disposition 

 2.4 Develop Misuse and Abuse Cases 

• Abuse Cases 

 2.5 Include Security in Software Requirement Specifications 

• Maturity Models 
• What is Identifying Threats? 
• hreat Models 
• Orgs to Know 

2.6 Develop Security Requirement Traceability Matrix 

• SRTM 
• Demo 
• Test Tips 
• Section Review Questions 

The audience should be willing to study and review materials to pass the CSSLP Plus and meet the requirements set by ISC2 In order to become a fully certified CSSLP, (ISC)² requires the candidate to have a minimum of four years cumulative paid full-time SDLC experience in one or more of the eight domains of the CSSLP credential.

A candidate can substitute one year of experience for a four-year college degree. If a candidate passes the certification exam but does not possess the required years of experience they will become an associate of (ISC)² and have five years to earn the experience. At which time they will become a fully certified CSSLP.

The CSSLP certification exam is a well written exam evaluating potential candidates across eight different domains.

The exam contains 175 question, multiple-choice exam is administered over a 4-hour period at a Pearson Professional Center. (Exam Cost Not Included)

The CSSLP exam questions are developed from the skills and information contained within the CSSLP CBK with the following tested percentages.