Certified Secure Software Lifecycle Professional (CSSLP)

(CSSLP.AO2) / ISBN : 978-1-64459-454-4
This course includes
Get A Free Trial

About This Course

Elevate your skills in software development and make security your top priority with the Certified Secure Software Lifecycle Professional (CSSLP) course. In today's digital landscape, ensuring the security of software is paramount, and this course equips you with the knowledge and skills to lead in the development of secure software. From interactive lessons to practice tests and pre-assessments, we've got your exam preparation covered. Explore topics like software vulnerabilities and the principles of secure software development, making a real impact on reducing risks and costs. Become part of a workforce with an enhanced skillset and embark on a journey toward creating more secure software and a safer digital world. Unleash your potential with CSSLP and contribute to a more secure software development process.

Skills You’ll Get

Let's get to the core of the Certified Secure Software Lifecycle Professional (CSSLP) exam. It consists of 125 multiple-choice questions. Here are some vital exam tips: Pay close attention to the Exam Tips, retake practice exams, answer known questions first, and make educated guesses on unfamiliar ones - there's no penalty for guessing. Your success is our goal, and we wish you the best for your future in secure software development. Study hard and use this knowledge to create safer software.

Write about certification

Get the support you need. Enroll in our Instructor-Led Course.


20+ Lessons | 447+ Exercises | 185+ Quizzes | 246+ Flashcards | 246+ Glossary of terms


100+ Pre Assessment Questions | 2+ Full Length Tests | 100+ Post Assessment Questions | 200+ Practice Test Questions



  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course
  • The Examination
  • Exam Objective Map
  • CSSLP Version 3 (2020)

Core Concepts

  • Confidentiality
  • Integrity
  • Availability
  • Authentication
  • Authorization
  • Accountability (Auditing and Logging)
  • Nonrepudiation
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Lesson Review

Security Design Principles

  • System Tenets
  • Secure Design Tenets
  • Security Models
  • Adversaries
  • Lesson Review

Define Software Security Requirements

  • Functional Requirements
  • Operational and Deployment Requirements
  • Connecting the Dots
  • Lesson Review

Identify and Analyze Compliance Requirements

  • Regulations and Compliance
  • Data Classification
  • Privacy
  • Lesson Review

Misuse and Abuse Cases

  • Misuse/Abuse Cases
  • Requirements Traceability Matrix
  • Software Acquisition
  • Lesson Review

Secure Software Architecture

  • Perform Threat Modeling
  • Define the Security Architecture
  • Lesson Review

Secure Software Design

  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Nonfunctional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools
  • Lesson Review

Secure Coding Practices

  • Declarative vs. Imperative Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Secure Design Principles
  • Interconnectivity
  • Cryptographic Failures
  • Input Validation Failures
  • General Programming Failures
  • Technology Solutions
  • Lesson Review

Analyze Code for Security Risks

  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Code Review Objectives
  • Additional Sources of Vulnerability Information
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Lesson Review

Implement Security Controls

  • Security Risks
  • Implement Security Controls
  • Applying Security via the Build Environment
  • Anti-tampering Techniques
  • Defensive Coding Techniques
  • Primary Mitigations
  • Secure Integration of Components
  • Lesson Review

Security Test Cases

  • Security Test Cases
  • Attack Surface Evaluation
  • Penetration Testing
  • Common Methods
  • Lesson Review

Security Testing Strategy and Plan

  • Develop a Security Testing Strategy and a Plan
  • Functional Security Testing
  • Nonfunctional Security Testing
  • Testing Techniques
  • Environment
  • Standards
  • Crowd Sourcing
  • Lesson Review

Software Testing and Acceptance

  • Perform Verification and Validation Testing
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
  • Lesson Review

Secure Configuration and Version Control

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Lesson Review

Software Risk Management

  • Incorporate Integrated Risk Management
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement
  • Lesson Review

Secure Software Deployment

  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Lesson Review

Secure Software Operations and Maintenance

  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring
  • Support Incident Response
  • Perform Patch Management
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives and Service Level Agreements
  • Lesson Review

Software Supply Chain Risk Management

  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Lesson Review

Supplier Security Requirements

  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support Contractual Requirements
  • Lesson Review

Any questions?
Check out the FAQs

Still have unanswered questions and need to get in touch?

Contact us now


Pearson VUE


The exam contains 125 questions.

180 minutes


(on a scale of 700-1000)

Retest after 30 test-free days

Related Courses

All Course
scroll to top