CSSLP - Certified Secure Software Lifecycle Professional
The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment.
After completing this course, students should have a general understanding of the following:
- Discuss the core concepts of software security and the foundational principles that drive construction of resilient software.
- Discuss the security design principles as essential elements for building secure software.
- Discuss software security standards and frameworks, roadmaps and strategies, and risk management.
- Explain security in software development methodologies, security metrics and security culture in software development.
- Identify and analyze software requirements pertaining to data privacy, security and compliance with laws and regulations.
- Describe requirement specification and traceability, misuse and abuse cases, and flow-down of security requirements to suppliers.
- Explain secure architecture and design elements and patterns, architectural risk assessment, threat modeling, threat intelligence and attack surface evaluation.
- Explain security architecture and control identification, prioritization and positioning.
- Apply secure coding practices, analyze code for security risks and implement security controls.
- Discuss third-party code and libraries, software composition analysis and security of the build process.
- Discuss security testing strategy and plan, and analyze security testing methods.
- Discuss validation and verification, security test results and tracking security errors.
- Describe secure software integration and deployment, security data and post-deployment security testing.
- Recognize various security-relevant maintenance activities and discuss planning for the continuity of operations.
- Discuss software supply chain risks and analyze security of third-party software.
- Explain supplier security requirements in the acquisition process and support for contractual requirements.
This course isn't currently on the schedule, but we can add it. Just let us know.