Attend this official (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) training course and get prepared to achieve this premier secure software development certification. This course provides you with in-depth coverage on the skills and concepts on the eight domains of software security. This includes Software Concepts, Requirements, Design, Implementation, Testing, Lifecycle Management among others.
This CSSLP course is for Software Developers, Engineers, Architects, Penetration Testers and other IT professionals who have a minimum of four years experience in full-time Software Development Lifecycle (SDLC) in one or more of the eight domains covered in the CSSLP exam.
Save More On Training with FlexVouchers – A Unique Training Savings Account
Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.
In Class & Live, Online Training
Time Zone Legend:
Eastern Time ZoneCentral Time Zone
Mountain Time ZonePacific Time Zone
Note: This course runs for
5 Days
Aug 30 - Sep 3
9:00 AM - 4:30 PM EDT
Herndon, VA / Online (AnyWare)
Herndon, VA / Online (AnyWare)
Reserve Your Seat
Guaranteed to Run
When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time — will run. Guaranteed.
Important CSSLP Course Information
Certification Information
Learning Tree can provide a voucher to sit the exam upon request
Requirements for certification:
A minimum of four years of cumulative, paid, full-time Software Development Lifecycle (SDLC) professional experience in one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK)
As one of only 12 (ISC)2 CPE Submitters worldwide, Learning Tree can submit courses on your behalf to (ISC)2 for CPE credit. (ISC)2 members can earn Group A credits for attending any of our cybersecurity courses, and Group B General Education credits for any other Learning Tree course they attend.
Or (ISC)2 members can submit CPE credits directly to the CPE portal in the Members section of the (ISC)2 website.
CSSLP Course Outline
Domain 1: Secure Software Concepts
1.1 Core Concepts
Confidentiality (e.g., covert, overt, encryption)
Integrity (e.g., hashing, digital signatures, code signing, reliability, modifications, authenticity)
Nonrepudiation (e.g., digital signatures, block chain)
1.2 Security Design Principles
Least privilege (e.g., access control, need-to-know, run-time privileges)
Separation of Duties (e.g., multi-party control, secret sharing and split knowledge)
Defence in depth (e.g., layered controls, input validation, security zones)
Resiliency (e.g., fail safe, fail secure, no Single Point of Failure (SPOF))
Economy of mechanism (e.g., Single Sign-On (SSO), password vaults, resource)
Complete mediation (e.g., cookie management, session management, caching of credentials)
Open design (e.g., Kerckhoffs’s principle)
Least common mechanism (e.g., compartmentalization/isolation, white-listing)
Psychological acceptability (e.g., password complexity, screen layouts, Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), biometrics)
Component reuse (e.g., common controls, libraries)
Diversity of defence (e.g., geographical diversity, technical diversity, distributed systems)
Domain 2: Secure Software Requirements
2.1 Define Software Security Requirements
Functional (e.g., business requirements, use cases, stories)
Service-oriented architecture (SOA) (e.g., Enterprise Service Bus (ESB), web services
Rich internet applications (e.g., client-side exploits or threats, remote code execution, constant connectivity)
Pervasive/ubiquitous computing (e.g., Internet of Things (IoT), wireless, location-based, Radio-Frequency Identification (RFID), near field communication, sensor networks)
Testing techniques (e.g., white box and black box)
Environment (e.g., interoperability, test harness)
Standards (e.g., International Organization for Standardization (ISO), Open Source Security Testing Methodology Manual (OSSTMM), Software Engineering Institute (SEI))
Crowd sourcing (e.g., bug bounty
5.3 Verify and Validate Documentation (e.g., installation and setup instructions, error messages, user guides, release notes)
5.4 Identify Undocumented Functionality
5.5 Analyze Security Implications of Test Results (e.g., impact on product management, prioritization, break build criteria)
5.6 Classify and Track Security Errors
Bug tracking (e.g., defects, errors and vulnerabilities)
Risk Scoring (e.g., Common Vulnerability Scoring System (CVSS))
5.7 Secure Test Data
Generate test data (e.g., referential integrity, statistical quality, production representative)
Reuse of production data (e.g., obfuscation, sanitization, anonymization, tokenization, data aggregation mitigation)
5.8 Perform Verification and Validation Testing
Domain 6: Secure Software Lifecycle Management
6.1 Secure Configuration and Version Control (e.g., hardware, software, documentation, interfaces, patching)
6.2 Define Strategy and Roadmap
6.3 Manage Security Within a Software Development Methodology
Security in adaptive methodologies (e.g., Agile methodologies)
Security in predictive methodologies (e.g., Waterfall)
6.4 Identify Security Standards and Frameworks
6.5 Define and Develop Security Documentation
6.6 Develop Security Metrics (e.g., defects per line of code, criticality level, average remediation time, complexity)
6.7 Decommission Software
End of life policies (e.g., credential removal, configuration removal, license cancellation, archiving)
Data disposition (e.g., retention, destruction, dependencies)
6.8 Report Security Status (e.g., reports, dashboards, feedback loops)
Standards and guidelines (e.g., International Organization for Standardization (ISO), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), OWASP, Software Assurance Forum for Excellence in Code (SAFECode), Software AssuranceMaturity Model (SAMM), Building Security In Maturity Model (BSIMM))
What is Certified Secure Software Lifecycle Professional (CSSLP) certification?
Certified secure software lifecycle professional is a certification from (ISC)2. It focuses on application security within the SDLC.
How much does the CSSLP exam cost?
Learning Tree can provide a voucher to sit the exam upon request.
Do you offer CSSLP training online?
Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.