Attend this official (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) training course and get prepared to achieve this premier secure software development certification. This course provides in-depth coverage of the skills and concepts across the eight domains of software security, including Secure Software Concepts, Requirements, Design, Implementation, Testing and Lifecycle Management, among others.
This CSSLP course is for Software Developers, Engineers, Architects, Penetration Testers and other IT professionals who have a minimum of four years' full-time Software Development Lifecycle (SDLC) experience in one or more of the eight domains covered in the CSSLP exam.
4thdacad can provide a voucher to sit the exam upon request.
Requirements for certification:
A minimum of four years of cumulative, paid, full-time Software Development Lifecycle (SDLC) professional experience in one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK)
Pass CSSLP exam
This is an (ISC)² certification prep course.
As one of only 12 (ISC)2 CPE Submitters worldwide, 4thdacad can submit courses on your behalf to (ISC)2 for CPE credit. (ISC)2 members can earn Group A credits for attending any of our cybersecurity courses, and Group B General Education credits for any other 4thdacad course they attend.
Alternatively, (ISC)² members can submit CPE credits directly through the CPE portal in the Members section of the (ISC)² website.
Certified Secure Software Lifecycle Professional (CSSLP) Training Delivery Methods
Official (ISC)² curriculum
After-course instructor coaching benefit
(ISC)² exam voucher included in course tuition
Certified Secure Software Lifecycle Professional (CSSLP) Training Course Benefits
Prepare for and pass the CSSLP Exam
Identify security software requirements
Follow secure coding practices
Develop a security testing strategy and plan
Choose a secure software methodology
Release software securely
CSSLP Course Outline
Domain 1: Secure Software Concepts
1.1 Core Concepts
Confidentiality (e.g., covert, overt, encryption)
Integrity (e.g., hashing, digital signatures, code signing, reliability, modifications, authenticity)
Availability (e.g., redundancy, replication, clustering, scalability, resiliency)
Authentication (e.g., multifactor authentication (MFA), identity & access management (IAM), single sign-on (SSO), federated identity)
Authorization (e.g., access controls, permissions, entitlements)
Accountability (e.g., auditing, logging)
Nonrepudiation (e.g., digital signatures, blockchain)
1.2 Security Design Principles
Least privilege (e.g., access control, need-to-know, run-time privileges)
Separation of Duties (e.g., multi-party control, secret sharing and split knowledge)
Defense in depth (e.g., layered controls, input validation, security zones)
Resiliency (e.g., fail safe, fail secure, no Single Point of Failure (SPOF))
Economy of mechanism (e.g., Single Sign-On (SSO), password vaults, resource)
Complete mediation (e.g., cookie management, session management, caching of credentials)
Open design (e.g., Kerckhoffs’s principle)
Least common mechanism (e.g., compartmentalization/isolation, whitelisting)
Psychological acceptability (e.g., password complexity, screen layouts, Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), biometrics)
Component reuse (e.g., common controls, libraries)
Diversity of defense (e.g., geographical diversity, technical diversity, distributed systems)
Domain 2: Secure Software Requirements
Domain 3: Secure Software Architecture and Design
Domain 4: Secure Software Implementation
Domain 5: Secure Software Testing
Domain 6: Secure Software Lifecycle Management
Domain 7: Secure Software Deployment, Operations, Maintenance
Domain 8: Secure Software Supply Chain