Course Overview
This official training seminar is your exclusive way to learn security best practices and industry standards for the software lifecycle – critical information to CSSLP. Through this program you will gain knowledge and learn how security should be built into each phase of the software lifecycle. It also details essential security measures that should take place, beginning with the requirement phase, through software specification and design, software testing and ultimately disposal.
This intense program provides an in-depth breakdown of the CSSLP domains, while identifying key study areas, including:
- Official (ISC) courseware
- Taught by an authorized ISC2 instructor
- Student handbook
- Real-world case studies and examples
Course Content
Secure Software Concepts – security implications and methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development.
- Core Concepts
- Security Design Principles
- Privacy
- Governance, Risk and Compliance
- Software Development Methodologies
Secure Software Requirements – capturing security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
- Policy Decomposition
- Data Classification & Categorization
- Functional Requirements
- Operational Requirements
Secure Software Design – translating security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
- Design Processes
- Design Considerations
- Securing Commonly Used Architecture
- Technologies
Secure Software Implementation/Coding – involves the application of coding and testing standards, applying security testing tools including ‘fuzzing’, static-analysis code scanning tools, and conducting code reviews.
- Declarative versus Imperative (Programmatic) Security
- Vulnerability Database / Lists
- Defensive Coding Practices and Controls
- Source Code and Versioning
- Development and Build Environment
- Code / Peer Review
- Code Analysis
- Anti-tampering Techniques
Secure Software Testing – integrated QA testing for security functionality and resiliency to attack.
- Testing Artifacts
- Testing for Security and Quality Assurance
- Types of Testing
- Impact Assessment and Corrective Action
- Test Data Lifecycle Management
Software Acceptance – security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.
- Pre-Release or Pre-Deployment
- Post-Release
Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software. Security measures that must be taken when a product reaches its end of life.
- Installation and Deployment
- Operations and Maintenance
- Software Disposal
Supply Chain & Software Acquisition – provides a holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.
- Supplier Risk Assessment
- Supplier Sourcing
- Software Development Test
- Software Delivery, Operations & Maintenance
- Supplier Transitioning
Who should attend
- Software Architect
- Software Engineer
- Software Developer
- Application Security Specialist
- Software Program Manager
- Quality Assurance Tester
- Penetration Tester
- Software Procurement Analyst
- Project Manager
- Security Manager
- IT Director/Manager
Course Objectives
The CSSLP Helps You:
- Validate your expertise in application security
- Conquer application vulnerabilities offering more value to your employer
- Demonstrate a working knowledge of application security
- Differentiate and enhance your credibility and marketability on a worldwide scale
- Affirm your commitment to continued competence in the most current best practices through (ISC)’s Continuing Professional Education (CPE) requirements
The CSSLP Helps Employers:
- Break the penetrate and patch test approach.
- Reduce production cost, vulnerabilities and deliver y delays.
- Enhance the credibility of your organization and its development team.
- Reduce loss of revenue and reputation due to a breach resulting from insecure software.
- Ensure compliance with government or industry regulations.