Certified Secure Software Lifecycle Professional Exam Preparation

CSSLP Course Introduction

The Official (ISC)² CSSLP CBK Review Seminar is the exclusive way to learn security best practices and industry standards for the software lifecycle, which is critical information for a CSSLP. This is where you will learn the tools and processes for building security into each phase of the software lifecycle. The CSSLP CBK contains the largest, most comprehensive collection of best practices, policies, and procedures to ensure a security initiative across all phases of application development, regardless of methodology.

CSSLP Course Objectives

  • To offer a high-level review of the main topics of the CSSLP CBK
  • To identify areas students need to study
  • To provide an overview of the scope of the information security field
  • To study for the CSSLP examination

CSSLP Course Prerequisite


Target Group

  • IT Director/Manager
  • Software Program Manager/Product Manager
  • Project Manager
  • Security Manager
  • Software Developer
  • Software Engineers and Architect
  • Application Security Specialist
  • Software Procurement Analyst
  • Software Quality Assurance
  • Quality Assurance Tester
  • Business Analyst
  • Penetration Tester
  • Professionals who manage these stakeholders

Course Outline of CSSLP

Day 1
Domain 1 Secure Software Concepts

    – Concepts of Secure Software
    – Principles of Secure Design
    – Security and Privacy
    – Governance, Risk, and Compliance
    – Methodologies for Software Development
Domain 2 Secure Software Requirements
    – Policy Decomposition
    – Classification and Categorization
    – Functional Requirements: Use Cases and Abuse Cases
    – Secure Software Operational Requirements

Day 2
Domain 3 Secure Software Design

    – The Importance of Secure Design
    – Design Considerations
    – Secure Design Processes
    – Securing Commonly Used Architectures
    – Securing Commonly Used Technologies

Day 3
Domain 4 Secure Software Implementation/Coding

    – Fundamental Programming Concepts
    – Vulnerability Databases and Lists
    – Defensive Coding Practices and Controls
    – Secure Software Processes

Day 4
Domain 5 Secure Software Testing

    – Artifacts of Testing
    – Testing for Security and Quality Assurance
    – Security Testing
    – Defect Reporting, Tracking, and Corrective Action
    – Test Data Life Cycle Management
Domain 6 Software Acceptance
    – Software Acceptance Considerations
    – Post-release

Day 5
Domain 7 Software Deployment, Operations, Maintenance and Disposal

    – Installation and Deployment
    – Operations and Maintenance
    – Disposal of Software
Domain 8 Supply Chain & Software Acquisition
    – Supplier Risk Assessment
    – Supplier Sourcing
    – Software Development and Test
    – Software Delivery, Operations, and Maintenance
    – Supplier Transitioning

14-18 November 2022

Course Level



5 Days

Tuition Fee

37,000.00 THB


ACIS Certified Professional Instructor
