Certified Secure Software Lifecycle Professional
On Demand $2,494.00
Virtual Live
Course Description
The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization, and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment.
The broad spectrum of topics included in the CSSLP Common Body of Knowledge (CBK®) ensures its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following eight domains:
- Secure Software Concepts
- Secure Software Requirements
- Secure Software Architecture and Design
- Secure Software Implementation
- Secure Software Testing
- Secure Software Lifecycle Management
- Secure Software Deployment, Operations, Maintenance
- Secure Software Supply Chain
Program Objectives
After completing this course, the student will be able to:
- Understand and apply fundamental concepts and methods related to the fields of information technology and security
- Align overall organizational operational goals with security functions and implementations
- Understand how to protect assets of the organization as they go through their lifecycle
- Understand the concepts, principles, structures, and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity, and availability
- Implement system security through the application of security design principles and application of appropriate security control mitigations for vulnerabilities present in common information system types and architectures
- Understand the importance of cryptography and the security services it can provide in today’s digital and information age
- Understand the impact of physical security elements on information system security and apply secure design principles to evaluate or recommend appropriate physical security protections
- Understand the elements that comprise communication and network security coupled with a thorough description of how the communication and network systems function
- List the concepts and architecture that define the associated technology and implementation systems and protocols at Open Systems Interconnection (OSI) model layers 1-7
- Identify standard terms for applying physical and logical access controls to environments related to their security practice
- Appraise various access control models to meet business security requirements
- Name primary methods for designing and validating test and audit strategies that support business requirements
- Enhance and optimize an organization’s operational function and capacity by applying and utilizing appropriate security controls and countermeasures
- Recognize risks to an organization’s operational endeavors and assess specific threats, vulnerabilities, and controls
- Understand the System Lifecycle (SLC) and the Software Development Lifecycle (SDLC) and how to apply security to it; identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security
Prerequisites
- Candidates must have a minimum of four years cumulative, paid, full-time SDLC professional experience in one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK).
- Earning a four-year college degree or regional equivalent will waive one year of the required experience.
- Only a one-year experience exemption is granted for education.
Course Features
- Lectures 63
- Quizzes 0
- Duration 40 hours
- Skill level Intermediate Level
- Language English
- Students 458
- Certificate No
- Assessments Yes
-
Domain 1: Secure Software Concepts
-
Domain 2: Secure Software Requirements
- 2.1 Define Software Security Requirements
- 2.2 Identify and Analyze Compliance Requirements
- 2.3 Identify and Analyze Data Classification Requirements
- 2.4 Identify and Analyze Privacy Requirements
- 2.5 Develop Misuse and Abuse Cases
- 2.6 Develop Security Requirement Traceability Matrix (STRM)
- 2.7 Ensure Security Requirements Flow Down to Suppliers/Providers
-
Domain 3: Secure Software Architecture and Design
- 3.1 Perform Threat Modeling
- 3.2 Define the Security Architecture
- 3.3 Performing Secure Interface Design
- 3.4 Performing Architectural Risk Assessment
- 3.5 Model (Non-Functional) Security Properties and Constraints
- 3.6 Model and Classify Data
- 3.7 Evaluate and Select Reusable Secure Design
- 3.8 Perform Security Architecture and Design Review
- 3.9 Define Secure Operational Architecture (e.g., deployment topology, operational interfaces)
- 3.10 Use Secure Architecture and Design Principles, Patterns, and Tools
-
Domain 4: Secure Software Implementation
- 4.1 Adhere to Relevant Secure Coding Practices (e.g., standards, guidelines and regulations)
- 4.2 Analyze Code for Security Risks
- 4.3 Implement Security Controls (e.g., watchdogs, File Integrity Monitoring (FIM), anti-malware)
- 4.4 Address Security Risks (e.g. remediation, mitigation, transfer, accept)
- 4.5 Securely Reuse Third-Party Code or Libraries (e.g., Software Composition Analysis (SCA))
- 4.6 Securely Integrate Components
- 4.7 Apply Security During the Build Process
-
Domain 5: Secure Software Testing
- 5.1 Develop Security Test Cases
- 5.2 Develop Security Testing Strategy and Plan
- 5.3 Verify and Validate Documentation (e.g., installation and setup instructions, error messages, user guides, release notes)
- 5.4 Identify Undocumented Functionality
- 5.5 Analyze Security Implications of Test Results (e.g., impact on product management, prioritization, break build criteria)
- 5.6 Classify and Track Security Errors
- 5.7 Secure Test Data
- 5.8 Perform Verification and Validation Testing
-
Domain 6: Secure Software Lifecycle Management
- 6.1 Secure Configuration and Version Control (e.g., hardware, software, documentation, interfaces, patching)
- 6.2 Define Strategy and Roadmap
- 6.3 Manage Security Within a Software Development Methodology
- 6.4 Identify Security Standards and Frameworks
- 6.5 Define and Develop Security Documentation
- 6.6 Develop Security Metrics (e.g., defects per line of code, criticality level, average remediation time, complexity)
- 6.7 Decommission Software
- 6.8 Report Security Status (e.g., reports, dashboards, feedback loops)
- 6.9 Incorporate Integrated Risk Management (IRM)
- 6.10 Promote Security Culture in Software Development
- 6.11 Implement Continuous Improvement (e.g., retrospective, lessons learned)
-
Domain 7: Secure Software Deployment, Operations, Maintenance
- 7.1 Perform Operational Risk Analysis
- 7.2 Release Software Securely
- 7.3 Securely Store and Manage Security Data
- 7.4 Ensure Secure Installation
- 7.5 Perform Post-Deployment Security Testing
- 7.6 Obtain Security Approval to Operate (e.g., risk acceptance, sign-off at appropriate level)
- 7.7 Perform Information Security Continuous Monitoring (ISCM)
- 7.8 Support Incident Response
- 7.9 Perform Patch Management (e.g. secure release, testing)
- 7.10 Perform Vulnerability Management (e.g., scanning, tracking, triaging)
- 7.11 Runtime Protection (e.g., Runtime Application Self-Protection (RASP), Web Application Firewall (WAF), Address Space Layout Randomization (ASLR))
- 7.12 Support Continuity of Operations
- 7.13 Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA) (e.g., maintenance, performance, availability, qualified personnel)
-
Domain 8: Secure Software Supply Chain
- 8.1 Implement Software Supply Chain Risk Management
- 8.2 Analyze Security of Third-Party Software
- 8.3 Verify Pedigree and Provenance
- 8.4 Ensure Supplier Security Requirements in the Acquisition Process
- 8.5 Support contractual requirements (e.g., Intellectual Property (IP) ownership, code escrow, liability, warranty, End-User License Agreement (EULA), Service Level Agreements (SLA))
