Certified Secure Software Lifecycle Professional (CSSLP)

(CSSLP.AO2)/ISBN:978-1-64459-454-4

This course includes
Lessons
TestPrep

Build your software development skills with security as a first-class concern through the Certified Secure Software Lifecycle Professional (CSSLP) course. Software security is now a core engineering requirement, and this course gives you the knowledge and skills to lead secure software development. Interactive lessons, pre-assessments, and practice tests cover your exam preparation. You will explore software vulnerabilities and the principles of secure software development, and learn how applying them reduces both risk and remediation cost. Completing the course prepares you to build more secure software and to contribute to a more secure development process.

Here's what you will get

The Certified Secure Software Lifecycle Professional (CSSLP) exam consists of 125 multiple-choice questions. Some vital exam tips: pay close attention to the Exam Tips in the lessons, retake the practice exams, answer the questions you know first, and make an educated guess on unfamiliar ones, since there is no penalty for guessing. Your success is our goal, and we wish you the best for your future in secure software development. Study hard and use this knowledge to create safer software.

Lessons

20+ Lessons | 447+ Exercises | 185+ Quizzes | 246+ Flashcards | 246+ Glossary of terms

TestPrep

100+ Pre Assessment Questions | 2+ Full Length Tests | 100+ Post Assessment Questions | 200+ Practice Test Questions

Here's what you will learn

Lesson 1: Introduction

  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course
  • The Examination
  • Exam Objective Map
  • CSSLP Version 3 (2020)

Lesson 2: Core Concepts

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Accountability (Auditing and Logging)
  • Nonrepudiation
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Lesson Review

Lesson 3: Security Design Principles

  • System Tenets
  • Secure Design Tenets
  • Security Models
  • Adversaries
  • Lesson Review

Lesson 4: Define Software Security Requirements

  • Functional Requirements
  • Operational and Deployment Requirements
  • Connecting the Dots
  • Lesson Review

Lesson 5: Identify and Analyze Compliance Requirements

  • Regulations and Compliance
  • Data Classification
  • Privacy
  • Lesson Review

Lesson 6: Misuse and Abuse Cases

  • Misuse/Abuse Cases
  • Requirements Traceability Matrix
  • Software Acquisition
  • Lesson Review

Lesson 7: Secure Software Architecture

  • Perform Threat Modeling
  • Define the Security Architecture
  • Lesson Review

Lesson 8: Secure Software Design

  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Nonfunctional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools
  • Lesson Review

Lesson 9: Secure Coding Practices

  • Declarative vs. Imperative Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Secure Design Principles
  • Interconnectivity
  • Cryptographic Failures
  • Input Validation Failures
  • General Programming Failures
  • Technology Solutions
  • Lesson Review

Lesson 10: Analyze Code for Security Risks

  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Code Review Objectives
  • Additional Sources of Vulnerability Information
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Lesson Review

Lesson 11: Implement Security Controls

  • Security Risks
  • Implement Security Controls
  • Applying Security via the Build Environment
  • Anti-tampering Techniques
  • Defensive Coding Techniques
  • Primary Mitigations
  • Secure Integration of Components
  • Lesson Review

Lesson 12: Security Test Cases

  • Security Test Cases
  • Attack Surface Evaluation
  • Penetration Testing
  • Common Methods
  • Lesson Review

Lesson 13: Security Testing Strategy and Plan

  • Develop a Security Testing Strategy and a Plan
  • Functional Security Testing
  • Nonfunctional Security Testing
  • Testing Techniques
  • Environment
  • Standards
  • Crowd Sourcing
  • Lesson Review

Lesson 14: Software Testing and Acceptance

  • Perform Verification and Validation Testing
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
  • Lesson Review

Lesson 15: Secure Configuration and Version Control

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Lesson Review

Lesson 16: Software Risk Management

  • Incorporate Integrated Risk Management
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement
  • Lesson Review

Lesson 17: Secure Software Deployment

  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Lesson Review

Lesson 18: Secure Software Operations and Maintenance

  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring
  • Support Incident Response
  • Perform Patch Management
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives and Service Level Agreements
  • Lesson Review

Lesson 19: Software Supply Chain Risk Management

  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Lesson Review

Lesson 20: Supplier Security Requirements

  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support Contractual Requirements
  • Lesson Review

Exam FAQs

Exam fee: USD 599

Exam delivery: Pearson VUE

Question format: multiple-choice questions (MCQs)

Number of questions: 125

Exam duration: 180 minutes

Passing score: 700 out of 1000

Retake policy: retest after 30 test-free days