CSSLP - Certified Secure Software Lifestyle Professional

Audience:

Ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment

Prerequisites:

To qualify for this certification, you must pass the exam and have at least four years of cumulative, paid work experience as a software development lifecycle professional in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge (CBK)

Description:

The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment.

Course Objectives:

After completing this course, students should have a general understanding of the following:

• Discuss the core concepts of software security and the foundational principles that drive construction of resilient software.
• Discuss the security design principles as essential elements for building secure software.
• Discuss software security standards and frameworks, roadmaps and strategies and risk management.
• Explain security in software development methodologies, security metrics and security culture in software development.
• Identify and analyze software requirements pertaining to data privacy, security and compliance with laws and regulations.
• Describe requirement specification and tractability, misuse and abuse cases and flow down of security requirements to supplier.
• Explain secure architecture and design elements and patterns, architectural risk assessment, threat modeling, threat intelligence and attack surface evaluation.
• Explain security architecture and control identification, prioritization and positioning.
• Apply secure coding practices, analyze code for security risks and implement security controls.
• Discuss third-party code and libraries, software composition analysis and security of the build process.
• Discuss security testing strategy plan and analyze security testing methods.
• Discuss validation and verification, security test results and tracking security errors.
• Describe secure software integration and deployment, security data and post-deployment security testing.
• Recognize various security-relevant maintenance activities and discuss planning for the continuity of operations.
• Discuss software supply chain risks and analyze security of third-party software.
• Explain supplier security requirements in the acquisition process and support for contractual requirements.