Pass the (ISC)² CSSLP exam with the Certified Secure Software Lifecycle Professional (CSSLP) course and lab. The lab can be mapped to any course, textbook, or training, thereby adding value and a hands-on component to the training. The CSSLP training guide covers the skills for the CSSLP exam topics and builds expertise in areas such as security design principles, threat modeling, secure interface design, architectural risk assessment, reviewing code for security risks, dynamic application security testing (DAST), and many more.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

The CSSLP exam validates a candidate's skills and knowledge necessary for authentication, authorization, and auditing throughout the SDLC using best practices, policies, and procedures established by the cybersecurity experts at (ISC)².

1. Introduction
  • Why Focus on Software Development?
  • The Role of CSSLP
  • How to Use This Course?
  • The Examination
  • Exam Readiness Checklist
  • CSSLP Version 2 (2017)

2. General Security Concepts
  • General Security Concepts
  • Security Models
  • Adversaries
  • Lesson Review

3. Risk Management
  • Definitions and Terminology
  • Types of Risk
  • Governance, Risk, and Compliance
  • Risk Management Models
  • Risk Options
  • Lesson Review

4. Security Policies and Regulations
  • Regulations and Compliance
  • Legal Issues
  • Privacy
  • Security Standards
  • Secure Software Architecture
  • Trusted Computing
  • Acquisition
  • Lesson Review

5. Software Development Methodologies
  • Secure Development Lifecycle
  • Secure Development Lifecycle Components
  • Software Development Models
  • Microsoft Security Development Lifecycle
  • Lesson Review

6. Policy Decomposition
  • Confidentiality, Integrity, and Availability Requirements
  • Authentication, Authorization, and Auditing Requirements
  • Internal and External Requirements
  • Lesson Review

7. Data Classification and Categorization
  • Data Classification
  • Data Ownership
  • Labeling
  • Types of Data
  • Data Lifecycle
  • Lesson Review

8. Requirements
  • Functional Requirements
  • Operational Requirements
  • Requirements Traceability Matrix
  • Connecting the Dots
  • Lesson Review

9. Design Processes
  • Attack Surface Evaluation
  • Threat Modeling
  • Control Identification and Prioritization
  • Risk Assessment for Code Reuse
  • Documentation
  • Design and Architecture Technical Review
  • Lesson Review

10. Design Considerations
  • Application of Methods to Address Core Security Concepts
  • Interfaces
  • Lesson Review

11. Securing Commonly Used Architecture
  • Distributed Computing
  • Service-Oriented Architecture
  • Rich Internet Applications
  • Pervasive/Ubiquitous Computing
  • Mobile Applications
  • Integration with Existing Architectures
  • Cloud Architectures
  • Lesson Review

12. Technologies
  • Authentication and Identity Management
  • Credential Management
  • Flow Control (Proxies, Firewalls, Middleware)
  • Logging
  • Data Loss Prevention
  • Virtualization
  • Digital Rights Management
  • Trusted Computing
  • Database Security
  • Programming Language Environment
  • Operating Systems
  • Embedded Systems
  • Lesson Review

13. Common Software Vulnerabilities and Countermeasures
  • CWE/SANS Top 25 Vulnerability Categories
  • OWASP Vulnerability Categories
  • Common Vulnerabilities and Countermeasures
  • Input Validation Failures
  • Common Enumerations
  • Virtualization
  • Embedded Systems
  • Side Channel
  • Social Engineering Attacks
  • Lesson Review

14. Defensive Coding Practices
  • Declarative vs. Programmatic Security
  • Memory Management
  • Error Handling
  • Interface Coding
  • Primary Mitigations
  • Learning from Past Mistakes
  • Lesson Review

15. Secure Software Coding Operations
  • Code Analysis (Static and Dynamic)
  • Code/Peer Review
  • Build Environment
  • Antitampering Techniques
  • Configuration Management: Source Code and Versioning
  • Lesson Review

16. Security Quality Assurance Testing
  • Standards for Software Quality Assurance
  • Testing Methodology
  • Functional Testing
  • Security Testing
  • Environment
  • Bug Tracking
  • Attack Surface Validation
  • Testing Artifacts
  • Test Data Lifecycle Management
  • Lesson Review

17. Security Testing
  • Scanning
  • Penetration Testing
  • Fuzzing
  • Simulation Testing
  • Testing for Failure
  • Cryptographic Validation
  • Regression Testing
  • Impact Assessment and Corrective Action
  • Lesson Review

18. Secure Lifecycle Management
  • Introduction to Acceptance
  • Pre-release Activities
  • Post-release Activities
  • Lesson Review

19. Secure Software Installation and Deployment
  • Secure Software Installation and Its Subsequent Deployment
  • Configuration Management
  • Lesson Review

20. Secure Software Operations and Maintenance
  • Secure Software Operations
  • The Software Maintenance Process
  • Secure DevOps
  • Secure Software Disposal
  • Lesson Review

21. Supply Chain and Software Acquisition
  • Supplier Risk Assessment
  • Supplier Sourcing
  • Software Development and Testing
  • Software Delivery, Operations, and Maintenance
  • Supplier Transitioning
  • Lesson Review

Audience

The Certified Secure Software Lifecycle Professional certification is for information security professionals who act as leaders in the organization and play a key role in incorporating security into each phase of the software lifecycle.

Language

English

Prerequisites

While there are no prerequisites for this course, please ensure you have the right level of experience to be successful in this training.

Length: 365.0 days


Course Schedule:

To request a custom delivery, please chat with an expert.
