Certified Secure Software Lifecycle Professional (CSSLP)

(CSSLP.AO1) / ISBN: 978-1-64459-229-8
This course includes
Lessons
TestPrep
Lab
Mentoring (Add-on)
CSSLP.AO1 : Certified Secure Software Lifecycle Professional (CSSLP)

Pass the (ISC)² CSSLP exam with the Certified Secure Software Lifecycle Professional (CSSLP) course and lab. The lab can be mapped to any course, textbook, or training, adding value and a hands-on component to training. The CSSLP training guide provides skills for the CSSLP exam topics and expertise in areas such as security design principles, threat modeling, secure interface design, architectural risk assessment, code for security risks, dynamic application security testing (DAST), and many more.
Here's what you will get

The Certified Secure Software Lifecycle Professional certification is for information security professionals who act as leaders in the organization and play a key role in incorporating security into each phase of the software lifecycle. The CSSLP exam validates a candidate's skills and knowledge necessary for authentication, authorization, and auditing throughout the SDLC using best practices, policies, and procedures established by the cybersecurity experts at (ISC)².

Lessons
  • 21+ Lessons
  • 299+ Quizzes
  • 236+ Flashcards
  • 236+ Glossary of terms
TestPrep
  • 100+ Pre Assessment Questions
  • 2+ Full Length Tests
  • 100+ Post Assessment Questions
  • 200+ Practice Test Questions
Lab
  • 40+ Performance lab
Here's what you will learn
Lesson 1: Introduction
  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course?
  • The Examination
  • CSSLP (2020)
Lesson 2: General Security Concepts
  • General Security Concepts
  • Security Models
  • Adversaries
  • Lesson Review
Lesson 3: Risk Management
  • Definitions and Terminology
  • Types of Risk
  • Governance, Risk, and Compliance
  • Risk Management Models
  • Risk Options
  • Lesson Review
Lesson 4: Security Policies and Regulations
  • Regulations and Compliance
  • Legal Issues
  • Privacy
  • Security Standards
  • Secure Software Architecture
  • Trusted Computing
  • Acquisition
  • Lesson Review
Lesson 5: Software Development Methodologies
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Software Development Models
  • Microsoft Security Development Lifecycle
  • Lesson Review
Lesson 6: Policy Decomposition
  • Confidentiality, Integrity, and Availability Requirements
  • Authentication, Authorization, and Auditing Requirements
  • Internal and External Requirements
  • Lesson Review
Lesson 7: Data Classification and Categorization
  • Data Classification
  • Data Ownership
  • Labeling
  • Types of Data
  • Data Lifecycle
  • Lesson Review
Lesson 8: Requirements
  • Functional Requirements
  • Operational Requirements
  • Requirements Traceability Matrix
  • Connecting the Dots
  • Lesson Review
Lesson 9: Design Processes
  • Attack Surface Evaluation
  • Threat Modeling
  • Control Identification and Prioritization
  • Risk Assessment for Code Reuse
  • Documentation
  • Design and Architecture Technical Review
  • Lesson Review
Lesson 10: Design Considerations
  • Application of Methods to Address Core Security Concepts
  • Interfaces
  • Lesson Review
Lesson 11: Securing Commonly Used Architecture
  • Distributed Computing
  • Service-Oriented Architecture
  • Rich Internet Applications
  • Pervasive/Ubiquitous Computing
  • Mobile Applications
  • Integration with Existing Architectures
  • Cloud Architectures
  • Lesson Review
Lesson 12: Technologies
  • Authentication and Identity Management
  • Credential Management
  • Flow Control (Proxies, Firewalls, Middleware)
  • Logging
  • Data Loss Prevention
  • Virtualization
  • Digital Rights Management
  • Trusted Computing
  • Database Security
  • Programming Language Environment
  • Operating Systems
  • Embedded Systems
  • Lesson Review
Lesson 13: Common Software Vulnerabilities and Countermeasures
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Input Validation Failures
  • Common Enumerations
  • Virtualization
  • Embedded Systems
  • Side Channel
  • Social Engineering Attacks
  • Lesson Review
Lesson 14: Defensive Coding Practices
  • Declarative vs. Programmatic Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Lesson Review
Lesson 15: Secure Software Coding Operations
  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Build Environment
  • Antitampering Techniques
  • Configuration Management: Source Code and Versioning
  • Lesson Review
Lesson 16: Security Quality Assurance Testing
  • Standards for Software Quality Assurance
  • Testing Methodology
  • Functional Testing
  • Security Testing
  • Environment
  • Bug Tracking
  • Attack Surface Validation
  • Testing Artifacts
  • Test Data Lifecycle Management
  • Lesson Review
Lesson 17: Security Testing
  • Scanning
  • Penetration Testing
  • Fuzzing
  • Simulation Testing
  • Testing for Failure
  • Cryptographic Validation
  • Regression Testing
  • Impact Assessment and Corrective Action
  • Lesson Review
Lesson 18: Secure Lifecycle Management
  • Introduction to Acceptance
  • Pre-release Activities
  • Post-release Activities
  • Lesson Review
Lesson 19: Secure Software Installation and Deployment
  • Secure Software Installation and Its Subsequent Deployment
  • Configuration Management
  • Lesson Review
Lesson 20: Secure Software Operations and Maintenance
  • Secure Software Operations
  • The Software Maintenance Process
  • Secure DevOps
  • Secure Software Disposal
  • Lesson Review
Lesson 21: Supply Chain and Software Acquisition
  • Supplier Risk Assessment
  • Supplier Sourcing
  • Software Development and Testing
  • Software Delivery, Operations, and Maintenance
  • Supplier Transitioning
  • Lesson Review

Hands on Activities (Performance Labs)

General Security Concepts

  • Understanding Security Design Tenets
  • Discussing About Access Control Models
  • Understanding Information Flow Models

Risk Management

  • Understanding Annualized Loss Expectancy

Security Policies and Regulations

  • Understanding Compliance-Based Assessment Regulations
  • Understanding PII and PHI
  • Understanding National Institute of Standards and Technology

Software Development Methodologies

  • Discussing About Software Development Methodologies
  • Understanding Secure Development Lifecycle Components
  • Understanding Software Development Models

Policy Decomposition

  • Understanding Access Control Mechanisms

Data Classification and Categorization

  • Understanding Data Classification Types
  • Understanding Data Ownership Roles

Requirements

  • Understanding Functional Requirements
  • Understanding the Requirements Traceability Matrix

Design Processes

  • Understanding Documentation

Design Considerations

  • Discussing About Security Design Considerations

Securing Commonly Used Architecture

  • Understanding Distributed Computing Terms
  • Understanding the Enterprise Service Bus
  • Understanding Cloud Service Models

Technologies

  • Understanding X.509 Digital Certificate Fields
  • Understanding Flow Control Technologies
  • Understanding Syslog
  • Understanding Trusted Computing Elements

Common Software Vulnerabilities and Countermeasures

  • Discussing About Software Vulnerabilities and Countermeasures
  • Understanding the Buffer Overflow Attack

Defensive Coding Practices

  • Understanding Imperative and Declarative Securities
  • Understanding Memory Management

Secure Software Coding Operations

  • Understanding Code Analysis Types

Security Quality Assurance Testing

  • Discussing About Security Quality Assurance Testing Methods
  • Understanding Functional Testing Types
  • Understanding Security Testing Types

Security Testing

  • Understanding the Attack Surface Analyzer
  • Understanding Regression Testing

Secure Lifecycle Management

  • Understanding Various Forms of Testing

Secure Software Installation and Deployment

  • Understanding Bootstrapping

Secure Software Operations and Maintenance

  • Understanding Operations/Maintenance Activities
  • Understanding the Software Disposal Process

Supply Chain and Software Acquisition

  • Discussing About Supplier Risk Assessment
  • Understanding Service Level Agreements
Exam FAQs
What is the exam registration fee? USD 599
Where do I take the exam? Pearson VUE
What is the format of the exam? Multiple choice questions
What are the pre-requisites of the exam? A candidate is required to have a minimum of four years of cumulative paid Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the (ISC)² CSSLP CBK, or three years of cumulative paid SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology (IT) or related fields.
How many questions are asked in the exam? The exam contains 125 questions.
What is the duration of the exam? 180 minutes
What is the passing score? 700
What is the exam's retake policy?

Here is the retake policy:

  • If you don’t pass the exam the first time, you can retest after 30 days.
  • If you don’t pass a second time, you can retest after an additional 90 days.
  • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt.
What is the validity of the certification? Three years
Where can I find more information about this exam? Know more about the CSSLP
What are the career opportunities after passing this exam?
  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist