Certified Secure Software Lifecycle Professional (CSSLP)


Course Overview

This official training seminar is your exclusive way to learn security best practices and industry standards for the software lifecycle – critical information to CSSLP. Through this program you will gain knowledge and learn how security should be built into each phase of the software lifecycle. It also details essential security measures that should take place, beginning with the requirement phase, through software specification and design, software testing and ultimately disposal.

This intense program provides an in-depth breakdown of the CSSLP domains, while identifying key study areas, including:

  • Official (ISC) courseware
  • Taught by an authorized ISC2 instructor
  • Student handbook
  • Real-world case studies and examples 2

Course Content

Secure Software Concepts – security implications and methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development.

  • Core Concepts
  • Security Design Principles
  • Privacy
  • Governance, Risk and Compliance
  • Software Development Methodologies

Secure Software Requirements – capturing security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.

  • Policy Decomposition
  • Data Classification & Categorization
  • Functional Requirements
  • Operational Requirements

Secure Software Design – translating security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.

  • Design Processes
  • Design Considerations
  • Securing Commonly Used Architecture
  • Technologies

Secure Software Implementation/Coding – involves the application of coding and testing standards, applying security testing tools including ‘fuzzing’, static-analysis code scanning tools, and conducting code reviews.

  • Declarative versus Imperative (Programmatic) Security
  • Vulnerability Database / Lists
  • Defensive Coding Practices and Controls
  • Source Code and Versioning
  • Development and Build Environment
  • Code / Peer Review
  • Code Analysis
  • Anti-tampering Techniques

Secure Software Testing – integrated QA testing for security functionality and resiliency to attack.

  • Testing Artifacts
  • Testing for Security and Quality Assurance
  • Types of Testing
  • Impact Assessment and Corrective Action
  • Test Data Lifecycle Management

Software Acceptance – security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.

  • Pre-Release or Pre-Deployment
  • Post-Release

Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software. Security measures that must be taken when a product reaches its end of life.

  • Installation and Deployment
  • Operations and Maintenance
  • Software Disposal

Supply Chain & Software Acquisition – provides a holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.

  • Supplier Risk Assessment
  • Supplier Sourcing
  • Software Development Test
  • Software Delivery, Operations & Maintenance
  • Supplier Transitioning

Who should attend

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager

Course Objectives

The CSSLP Helps You:

  • Validate your expertise in application security
  • Conquer application vulnerabilities offering more value to your employer
  • Demonstrate a working knowledge of application security
  • Differentiate and enhance your credibility and marketability on a worldwide scale
  • Affirm your commitment to continued competence in the most current best practices through (ISC)’s Continuing Professional Education (CPE) requirements

The CSSLP Helps Employers:

  • Break the penetrate and patch test approach.
  • Reduce production cost, vulnerabilities and deliver y delays.
  • Enhance the credibility of your organization and its development team.
  • Reduce loss of revenue and reputation due to a breach resulting from insecure software.
  • Ensure compliance with government or industry regulations.

Prices & Delivery methods

Online Training

5 days

  • CAD 5,445
Classroom Training

5 days

  • Canada: CAD 5,445

Click on town name or "Online Training" to book Schedule

Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
*   This class is delivered by a vendor or third party partner.

United States

Online Training 09:00 US/Eastern * Enroll
Online Training 09:00 US/Eastern * Enroll
Online Training 09:00 US/Eastern * Enroll