CSSLP® (Certified Secure Software Lifecycle Professional)

Author: Kevin Henry

Many software development projects and applications written today are vulnerable to attack or compromise and lack effective security and compliance controls. Why? Most...

What you will learn

  • The core concepts of secure software, secure software access principles, and secure software architecture design
  • How to document software security requirements
  • How to manage data protection and classification
  • How to document data and software protection requirements
  • How to characterize threats to software
  • How to design software security architecture
  • How to design secure interfaces
  • How to design security architecture
  • How to confirm adherence to secure coding practices
  • How to assess software security
  • How to create security controls
  • How to develop security test cases
  • How to develop a security testing strategy and plan
  • How to verify and validate implementation
  • How to prescribe secure implementation of software
  • How to develop risk, monitoring, and reporting processes
  • How to create end of life processes for software
  • How to evaluate operational risk
  • How to design resilient software operations
  • How to evaluate software supply chain risk management

Pre-requisites

CSSLP® candidates are required to have a minimum of four years of cumulative, paid, full-time, professional software development lifecycle experience in one or more of the eight CSSLP® Common Body of Knowledge (CBK®) domains, or three years of cumulative paid SDLC professional work experience in one or more of the eight domains of the CSSLP® Common Body of Knowledge (CBK®) with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology, or related fields. This series requires basic knowledge of software development and project management.

CSSLP® (Certified Secure Software Lifecycle Professional)

This section covers the objectives found across the eight CSSLP® Common Body of Knowledge (CBK®) security domains:

  • Secure software concepts
  • Secure software requirements
  • Secure software architecture and design
  • Secure software implementation
  • Secure software testing
  • Secure software lifecycle management
  • Secure software deployment, operations, maintenance
  • Secure software supply chain

Preparing for an (ISC)2® Certification Exam

by Kevin Henry

Mar 31, 2018 / 17m

Description

Preparing for an (ISC)2® examination can be difficult and stressful. In this course, Preparing for an (ISC)2® Certification Examination, you will learn how to set yourself up for success before taking the exam. First, you will delve into the test-taking process. Next, you will discover some helpful tips and tricks to pass the exam. Last, you will learn how to develop a study plan. When you are finished with this course, you will have the skills and knowledge needed to be prepared for an (ISC)2® exam.

Table of contents
  1. Course Overview
  2. The (ISC)2® Exam Format
  3. How to Prepare for an (ISC)2® Examination

Secure Software Concepts for CSSLP®

by Kevin Henry

Nov 11, 2020 / 2h 41m

Description

This course is essential preparation for designing secure software and for the CSSLP® examination. In this course, Secure Software Concepts for CSSLP®, you will learn the foundational knowledge needed to understand security from the perspective of a software engineer. First, you will discover the core concepts of software security. Next, you will learn the process of secure software design. Finally, you will explore how to understand the risk and control environment as it relates to software. When you’re finished with this course, you will have the skills and knowledge of software security needed to prepare for the CSSLP® examination and to design secure software.

Table of contents
  1. Course Overview
  2. Introduction and Core Concepts
  3. Security Access Design Principles
  4. Secure Software Architecture Concepts

Secure Software Requirements for CSSLP®

by Kevin Henry

Nov 11, 2020 / 1h 58m

Description

Many software development projects fail because the functional and security requirements were not identified accurately. In this course, Secure Software Requirements for CSSLP®, you will gain the ability to gather and analyze system requirements. First, you will discover how to gather software requirements. Next, you will learn about data classification requirements. Finally, you will explore how to manage data protection. When you’re finished with this course, you will have the skills and knowledge of requirements gathering needed to achieve project success and the delivery of secure software.

Table of contents
  1. Course Overview
  2. Gathering Software Requirements
  3. Manage Data Protection and Classification
  4. Document Data and Software Protection Requirements

Secure Software Architecture and Design for CSSLP®

by Kevin Henry

Dec 3, 2020 / 3h 44m

Description

Building secure software requires knowing the threats that the application will face and understanding how the application will interface with other systems. In this course, Secure Software Architecture and Design for CSSLP®, you will gain the ability to design secure software. First, you will discover threats to software. Next, you will learn about secure interfaces. Finally, you will explore how to evaluate the software design. When you are finished with this course, you will have the skills and knowledge of secure software architecture and design needed to develop secure software and prepare for the CSSLP® examination.

Table of contents
  1. Course Overview
  2. Characterize Threats to Software
  3. Design Software Security Architecture
  4. Design Secure Interfaces
  5. Design Security Architecture

Secure Software Implementation for CSSLP®

by Kevin Henry

Dec 8, 2020 / 1h 55m

Description

Security needs to be built into the software. In this course, Secure Software Implementation for CSSLP®, you will learn foundational knowledge of secure coding. First, you will discover secure coding standards. Next, you will learn about secure code review. Finally, you will explore how to implement software security controls. When you’re finished with this course, you will have the skills and knowledge of secure coding needed to prepare for the CSSLP® examination.

Table of contents
  1. Course Overview
  2. Secure Coding Practices
  3. Assess Software Security
  4. Create Security Controls

Secure Software Testing for CSSLP®

by Kevin Henry

Nov 20, 2020 / 1h 54m

Description

As a CSSLP® candidate, you must be familiar with the types and methods of software security testing. In this course, Secure Software Testing for CSSLP®, you will gain the ability to develop software security test strategies, plans, and test cases. First, you will discover how to develop a test strategy. Next, you will learn how to create test data. Finally, you will explore how to conduct security tests and resolve any issues discovered. When you’re finished with this course, you will have the skills and knowledge of software security testing needed to prepare for this domain of the CSSLP®.

Table of contents
  1. Course Overview
  2. Develop Security Test Cases
  3. Developing and Acquiring Test Data
  4. Executing the Test Plan

Secure Software Lifecycle Management for CSSLP®

by Kevin Henry

Dec 3, 2020 / 1h 52m

Description

Security champions must learn to work with development and project teams to weave security into applications. In this course, Secure Software Lifecycle Management for CSSLP®, you will learn foundational knowledge of the role security plays in the SDLC. First, you will discover how to build a security strategy. Next, you will learn about operating and reporting on software security and secure coding practices. Finally, you will explore how to securely bring software to end-of-life. When you’re finished with this course, you will have the skills and knowledge of the secure software development lifecycle needed for the CSSLP® examination.

Table of contents
  1. Course Overview
  2. Prescribe Secure Implementation of Software
  3. Develop Risk, Monitoring, and Reporting Processes
  4. Create End of Life Processes for Software

Secure Software Deployment, Operations, and Maintenance for CSSLP®

by Kevin Henry

Dec 2, 2020 / 2h 33m

Description

Software must be deployed and maintained to ensure that it remains secure. In this course, Secure Software Deployment, Operations, and Maintenance for CSSLP®, you will learn the foundational knowledge needed to deploy secure software and ensure its continued secure operation. First, you will discover secure deployment challenges. Next, you will learn about secure operations. Finally, you will explore how to maintain software security. When you’re finished with this course, you will have the skills and knowledge of secure software deployment needed to prepare for the CSSLP® examination.

Table of contents
  1. Course Overview
  2. Evaluate Operational Risk
  3. Prepare Secure Software
  4. Design Resilient Software Operations

Secure Software Supply Chain for CSSLP®

by Kevin Henry

Dec 2, 2020 / 1h 21m

Description

Many organizations depend on third-party software to support business operations, and it is essential to ensure that this software is secure and meets legal requirements. In this course, Secure Software Supply Chain for CSSLP®, you will learn foundational knowledge about managing the security of this third-party software. First, you will discover the process of selecting a vendor. Next, you will learn to manage the risk of software acquisition and deployment. Finally, you will explore how to assess the security of software during operations. When you are finished with this course, you will have the skills and knowledge of the secure software supply chain needed to manage security risk and prepare for the CSSLP® examination.

Table of contents
  1. Course Overview
  2. Evaluate Software Supply Chain Risk Management
  3. Manage Software Supply Chain Acquisition Risk
  4. Assess Software Supply Chain Operations