Certified Secure Software Lifecycle Professional (CSSLP®) Certification Training Course

• To obtain this certification, you must pass an examination and have at least four years of cumulative paid work experience as a software development life cycle professional in one or more of the eight (ISC)² CSSLP Common Body of Knowledge domains.
• A relevant four-year diploma may correspond to one year of the required experience.
• A candidate who does not have the necessary experience to become a CSSLP may successfully pass the CSSLP examination and become an (ISC)² Associate while he/she gains the necessary experience.

Candidates can achieve this certification by passing the following CSSLP exam(s).

Certified Secure Software Lifecycle Professional (CSSLP®)

The certification exam can be registered and attempted within 3 months of course/module completion at Logitrain training centre on weekdays during normal business hours (excludes public holidays)

• Validate your expertise in application security
• Conquer application vulnerabilities offering more value to your employer
• Demonstrate a working knowledge of application security
• Differentiate and enhance your credibility and marketability on a worldwide scale
• Affirm your commitment to continued competence in the most current best practices through (ISC)’s Continuing Professional Education (CPE) requirements

• Software Architect
• Software Engineer
• Software Developer
• Application Security Specialist
• Software Program Manager
• Quality Assurance Tester
• Penetration Tester
• Software Procurement Analyst
• Project Manager
• Security Manager
• IT Director/Manager

• Core Concepts
• Security Design Principles
• Define Software Security Requirements
• Identify and Analyse Compliance Requirements
• Identify and Analyse Data Classification Requirements
• Identify and Analyse Privacy Requirements
• Develop Misuse and Abuse Cases
• Develop Security Requirement Traceability Matrix (STRM)
• Ensure Security Requirements Flow Down to Suppliers/Providers
• Perform Threat Modeling
• Define the Security Architecture
• Performing Secure Interface Design
• Performing Architectural Risk Assessment
• Model (Non-Functional) Security Properties and Constraints
• Model and Classify Data
• Evaluate and Select Reusable Secure Design
• Perform Security Architecture and Design Review
• Define Secure Operational Architecture (e.g., deployment topology, operational interfaces)
• Use Secure Architecture and Design Principles, Patterns, and Tools
• Adhere to Relevant Secure Coding Practices (e.g., standards, guidelines and regulations)
• Analyse Code for Security Risks
• Implement Security Controls (e.g., watchdogs, File Integrity Monitoring (FIM), anti-malware)
• Address Security Risks (e.g. remediation, mitigation, transfer, accept)
• Securely Reuse Third-Party Code or Libraries (e.g., Software Composition Analysis (SCA))
• Securely Integrate Components
• Apply Security During the Build Process
• Develop Security Test Cases
• Develop Security Testing Strategy and Plan
• Verify and Validate Documentation (e.g., installation and setup instructions, error messages, user guides, release notes)
• Identify Undocumented Functionality
• Analyse Security Implications of Test Results (e.g., impact on product management, prioritisation, break build criteria)
• Classify and Track Security Errors
• Secure Test Data
• Perform Verification and Validation Testing
• Secure Configuration and Version Control (e.g., hardware, software, documentation, interfaces, patching)
• Define Strategy and Roadmap
• Manage Security Within a Software Development Methodology
• Identify Security Standards and Frameworks
• Define and Develop Security Documentation
• Develop Security Metrics (e.g., defects per line of code, criticality level, average remediation time, complexity)
• Decommission Software
• Report Security Status (e.g., reports, dashboards, feedback loops)
• Incorporate Integrated Risk Management (IRM)
• Promote Security Culture in Software Development
• Implement Continuous Improvement (e.g., retrospective, lessons learned)
• Perform Operational Risk Analysis
• Release Software Securely
• Securely Store and Manage Security Data
• Ensure Secure Installation
• Perform Post-Deployment Security Testing
• Obtain Security Approval to Operate (e.g., risk acceptance, sign-off at appropriate level)
• Perform Information Security Continuous Monitoring (ISCM)
• Support Incident Response
• Perform Patch Management (e.g. secure release, testing)
• Perform Vulnerability Management (e.g., scanning, tracking, triaging)
• Runtime Protection (e.g., Runtime Application Self-Protection (RASP), Web Application Firewall (WAF), Address Space Layout Randomisation (ASLR))
• Support Continuity of Operations
• Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA) (e.g., maintenance, performance, availability, qualified personnel)
• Implement Software Supply Chain Risk Management
• Analyse Security of Third-Party Software
• Verify Pedigree and Provenance
• Ensure Supplier Security Requirements in the Acquisition Process
• Support contractual requirements (e.g., Intellectual Property (IP) ownership, code escrow, liability, warranty, End-User License Agreement (EULA), Service Level Agreements (SLA))