Course: Certified Secure Software Lifecycle Professional (CSSLP)

$519.09 incl. VAT | Duration: 18 hours | Language: English (US) | Access duration: 90 days

Included in Onbeperkt Leren (Unlimited Learning)

In this CSSLP training course you will learn the software lifecycle as ISC² has defined it. The course focuses particularly on tools and processes: you will gain insight into the tools and processes that let you take security into account in every phase of the software lifecycle.

After attending this course you will be fully prepared for the CSSLP exam.

Topics that will be covered are software design, secure software testing, software concepts, secure software deployment and far more.


After attending the course you will be familiar with the software lifecycle as ISC² has defined it, and you will be prepared to pass the CSSLP certification exam.


To obtain the CSSLP certificate you must demonstrate relevant professional experience. That experience is also needed to get the most out of this course.

Target audience

Security Specialist

Certified Secure Software Lifecycle Professional (CSSLP)

18 hours

CSSLP: Secure Software Concepts

  • start the course
  • recognize the characteristics of confidentiality
  • identify the characteristics of integrity
  • identify the characteristics of availability
  • recognize the characteristics of authentication and authorization
  • identify the role of accounting in assuring security
  • recognize the characteristics of non-repudiation
  • identify the characteristics of least privilege
  • recognize the characteristics of separation of duties
  • recognize the characteristics of defense in depth
  • recognize the characteristics of fail-safe
  • recognize the characteristics of economy of mechanism
  • recognize the characteristics of complete mediation
  • recognize the characteristics of open design
  • recognize the characteristics of least common mechanism
  • recognize the characteristics of psychological acceptability
  • recognize the characteristics of the weakest link
  • recognize the characteristics of leveraging existing components
  • recognize the characteristics of privacy
  • distinguish between different privacy considerations
  • recognize characteristics of regulations and compliance
  • distinguish between legal issues to keep in mind during the software lifecycle
  • recognize characteristics of standards
  • distinguish between the steps of the general risk management model
  • identify secure software concepts in the Waterfall methodology
  • identify secure software concepts in the Agile methodology
  • recognize the principles and practices behind securing software

CSSLP: Secure Software Requirements

  • start the course
  • identify typical internal security requirements
  • identify typical external security requirements
  • identify data state categories
  • identify data usage categories
  • distinguish between the data owner and data custodian roles
  • distinguish between the different impact level definitions
  • distinguish between structured and unstructured data
  • distinguish between generation, retention, and disposal
  • identify characteristics of role and user definitions
  • identify the role of the deployment environment within functional requirements
  • distinguish between objects, activities, and actions
  • identify best practices for sequencing and timing
  • identify characteristics of software deployment requirements
  • identify characteristics of operations requirements
  • identify characteristics of management requirements
  • recognize what is involved in securing software

CSSLP: Secure Software Design

  • start the course
  • measure and minimize attack surface
  • recognize threat modeling techniques and the purpose of documentation
  • identify characteristics of control identification and prioritization
  • identify characteristics of design and architecture technical review
  • identify characteristics of risk assessment for code reuse
  • distinguish between applicable methods to address core security concepts
  • recognize security design principle best practices
  • distinguish between interconnectivity activities best practices
  • identify interfaces best practices
  • distinguish between the different architectural forms and supporting elements of secured distributed computing
  • recognize best practices for securing service-oriented architecture
  • recognize best practices for securing rich Internet applications
  • recognize best practices for securing pervasive and ubiquitous computing
  • recognize best security practices when integrating with existing architectures
  • recognize best practices for securing cloud architectures
  • recognize best practices for securing mobile applications
  • distinguish between characteristics of authentication and identity management
  • recognize characteristics of credential management
  • distinguish between flow control methods
  • recognize characteristics of logging
  • recognize characteristics of data loss prevention
  • identify benefits of virtualization in secure software design
  • recognize types of Rights Expression Language or REL in Digital Rights Management or DRM
  • recognize characteristics of trusted computing
  • distinguish between database security techniques
  • distinguish between compilers, interpreters, and hybrid source codes
  • recognize characteristics of operating systems
  • distinguish between control systems and firmware
  • identify best practices for designing secure software

CSSLP: Secure Software Implementation and Coding

  • start the course
  • recognize characteristics of declarative security
  • recognize characteristics of programmatic security
  • locate and list the Open Web Applications Security Project or OWASP "Top 10"
  • locate and list the Common Weakness Enumeration or CWE list of software weaknesses
  • recognize examples of using concurrency as a defensive coding practice
  • recognize examples of using configuration as a defensive coding practice
  • recognize examples of using cryptology as a defensive coding practice
  • recognize examples of using output sanitization as a defensive coding practice
  • recognize examples of using error handling as a defensive coding practice
  • recognize examples of using input validation as a defensive coding practice
  • recognize examples of using logging and auditing as a defensive coding practice
  • recognize examples of using session management as a defensive coding practice
  • recognize examples of using exception management as a defensive coding practice
  • distinguish between safe and unsafe application programming interface or API coding practices
  • distinguish between examples of static and dynamic type safety enforcement
  • recognize characteristics of memory management as a defensive coding practice
  • recognize characteristics of configuration parameter management as a defensive coding practice
  • recognize examples of tokenizing as a defensive coding practice
  • recognize characteristics of sandboxing as a defensive coding practice
  • identify source code and versioning best practices
  • identify build environment best practices
  • recognize characteristics of peer-based code reviews
  • distinguish between static and dynamic code analysis
  • list the steps for code signing
  • identify techniques for defensive and secure coding

CSSLP: Secure Software Testing

  • start the course
  • recognize characteristics of testing artifacts
  • identify characteristics of functional testing
  • distinguish between nonfunctional testing methods
  • distinguish between white-, grey-, and black-box testing
  • identify environment best practices for ensuring secure software testing
  • distinguish between bug tracking states
  • recognize characteristics of attack surface validation for software testing
  • distinguish between testing standards for software quality assurance
  • identify the four steps in the penetration process
  • recognize characteristics of the fuzzing method
  • recognize characteristics of scanning
  • recognize characteristics of simulation testing
  • recognize characteristics of testing for failure
  • recognize characteristics of cryptographic validation
  • recognize characteristics of regression testing
  • recognize characteristics of continuous testing
  • recognize characteristics of impact assessment
  • recognize options for addressing bugs
  • identify best practices in test data lifecycle management
  • identify best practices for securely testing software

CSSLP: Software Acceptance, Deployment, Operations, Maintenance, and Disposal

  • start the course
  • identify the characteristics of the pre-release testing process
  • list the six generic criteria for judging the suitability of a product
  • identify the characteristics of risk acceptance
  • identify characteristics of a post-release plan
  • recognize characteristics of validation and verification
  • recognize characteristics of independent testing
  • identify the role of bootstrapping in deployment activities
  • recognize characteristics of configuration management roles and plan
  • distinguish between the six configuration management process activities
  • recognize characteristics of release management activities
  • recognize characteristics of monitoring during operations and maintenance
  • distinguish between the different activities of incident management
  • recognize characteristics of problem management
  • recognize characteristics of change management
  • recognize characteristics of backup, recovery, and archiving
  • identify the components of an effective software disposal plan
  • identify key activities during software disposal execution
  • identify best practices for software deployment, operations, maintenance, and disposal activities

CSSLP: Supply Chain and Software Acquisition

  • start the course
  • recognize characteristics of risk assessment for code reuse
  • identify best practices for creating a practical reuse plan
  • identify best practices for preventing intellectual property theft
  • recognize characteristics of legal compliance
  • identify best practices for supplier prequalification activities
  • distinguish between different security trade-offs in supplier sourcing
  • identify best practices for contractual integrity controls
  • identify best practices for vendor technical integrity controls
  • identify best secure control practices for managed services from a supplier
  • distinguish between the two rules service-level agreements or SLAs should provide
  • identify technical controls for software development and testing
  • identify code testing and verification options for software development and testing
  • list the eight steps to create a formal set of security testing controls
  • identify software requirements verification and validation
  • identify chain of custody best practices
  • distinguish between licenses, encryption, and authentication as publishing and dissemination controls
  • identify characteristics of system-of-systems integration
  • identify software authenticity and integrity best practices during software delivery, operations, and maintenance
  • recognize best practices when integrating product deployment and sustainment controls
  • identify monitoring and incident management best practices
  • identify best practices for vulnerability management, tracking, and resolution activities
  • identify the purpose of Code Escrow during supplier transitioning
  • identify contracts best practices during supplier transitioning
  • identify best practices for assessing supplier risk, implementing supplier sourcing controls, and delivering software

We offer several optional training products to enhance your learning experience. If you are planning to use our training course in preparation for an official exam, we highly recommend using these optional training products to ensure an optimal learning experience. Sometimes only a practice exam and/or a practice lab is available.

Optional practice exam (trial exam)

To supplement this training course you may add a special practice exam. This practice exam comprises a number of trial exams that are very similar to the real exam, both in form and in content. This is the ultimate way to test whether you are ready for the exam.

Optional practice lab

To supplement this training course you may add a special practice lab. You perform the tasks on real hardware and/or software applicable to your lab. The labs are fully hosted in our cloud; the only thing you need to use them is a web browser. In the LiveLab environment you will find exercises that you can start immediately. The lab environment consists of complete networks containing, for example, clients, servers, etc. This is the ultimate way to gain extensive hands-on experience.


With our training concept you save up to 80% on training courses

Start learning whenever you want. You set your own pace

Exchange ideas with fellow students and establish yourself as an authority in your field.

On successful completion of your course, receive the official certificate of

Gain insight into detailed progress information for yourself or your employees

Build knowledge through interactive e-learning and extensive practical assignments by certified teachers


Once we have processed your order and payment, we will give you access to your courses. If you still have any questions about our ordering process, please refer to the button below.

Frequently asked questions

What is included?

Certificate of participation: No
Monitor progress: No
Mobile ready: No
Sharing knowledge: Unlimited access to our IT professionals community
Study advice: Our consultants are here to advise you about your study career and options
Study materials: Certified teachers with in-depth knowledge of the subject
Service: World's best service


After ordering your training you get access to our innovative learning platform. There you will find all the training courses you have purchased (or followed), you can create student accounts if needed, and you get access to detailed progress information.

Life Long Learning

Follow multiple courses? Read more about our Life Long Learning concept


Contact us

Need training advice? Contact us!