
Certified Secure Software Lifecycle Professional (CSSLP)
Introduction
Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).
CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at (ISC)².
Target Audience
The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in the following positions:
- Software Architect
- Software Engineer
- Software Developer
- Application Security Specialist
- Software Program Manager
- Quality Assurance Tester
- Penetration Tester
- Software Procurement Analyst
- Project Manager
- Security Manager
- IT Director/Manager
Prerequisites
Candidates must have either a minimum of 4 years of cumulative, paid, full-time professional experience in the software development lifecycle (SDLC) in 1 or more of the 8 domains of the (ISC)² CSSLP CBK, or 3 years of such experience together with a 4-year college degree (or regional equivalent) in Computer Science, Information Technology (IT) or a related field.
The domains include:
- Domain 1. Secure Software Concepts
- Domain 2. Secure Software Requirements
- Domain 3. Secure Software Architecture and Design
- Domain 4. Secure Software Implementation
- Domain 5. Secure Software Testing
- Domain 6. Secure Software Lifecycle Management
Course Objectives
- Apply fundamental concepts and methods related to the fields of information technology and security.
- Align overall organizational operational goals with security functions and implementations.
- Determine how to protect assets of the organization as they go through their lifecycle.
- Leverage the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability.
- Apply security design principles to select appropriate mitigations for vulnerabilities present in common information system types and architectures.
- Explain the importance of cryptography and the security services it can provide in today’s digital and information age.
- Evaluate physical security elements relative to information security needs.
- Evaluate the elements that comprise communication and network security relative to information security needs.
- Leverage the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1–7 to meet information security needs.
- Determine appropriate access control models to meet business security requirements.
- Apply physical and logical access controls to meet information security needs.
- Differentiate between primary methods for designing and validating test and audit strategies that support information security requirements.
- Apply appropriate security controls and countermeasures to optimize an organization’s operational function and capacity.
- Assess information systems risks to an organization’s operational endeavors.
- Determine appropriate controls to mitigate specific threats and vulnerabilities.
- Apply information systems security concepts to mitigate the risk of software and systems vulnerabilities throughout the systems’ lifecycles.
Training Schedule
Duration: 5 Days