Certified Secure Software Lifecycle Professional - CSSLP

Prepare for the CSSLP certification by acquiring the knowledge to create and maintain secure software throughout its life cycle.

In this track, the focus will be on the understanding core concepts and understanding security design principles.

In this track, you will learn about managing security within a software development methodology (e.g., Agile, waterfall); identify and adopt security standards (e.g., implementing security frameworks, promoting security awareness); outline strategy and roadmap; define and develop security documentation; define security metrics (e.g., criticality level, average remediation time, complexity, Key Performance Indicators (KPI), objectives and key results); decommission applications; create security reporting mechanisms (e.g., reports, dashboards, feedback loops); incorporate integrated risk management methods; and implement secure operation practices

In this track of the Certified Secure Software Lifecycle Professional (CSSLP) Journey, you will learn to define software security requirements, identify compliance requirements, identify data classification requirements, identify privacy requirements, define data access provisioning, develop misuse and abuse as well as security requirement traceability matrix, and define third-party vendor security requirements.

In this track, you will learn how to define the security architecture, perform secure interface design, evaluate and select reusable technologies, perform threat modeling, perform architectural risk assessment and design reviews, model (non-functional) security properties and constraints, and define secure operational architecture (e.g., deployment topology, operational interfaces, Continuous Integration and Continuous Delivery (CI/CD)).

In this track, you will learn to adhere to relevant secure coding practices (e.g., standards, guidelines, regulations), analyze code for security risks, implement security controls (e.g., watchdogs, file integrity monitoring, anti-malware), address the identified security risks (e.g., risk strategy), evaluate and integrate components, and apply security during the build process.

In this track you will learn to develop security testing strategy & plan, develop security test cases, verify and validate documentation, identify undocumented functionality, analyze security implications of test results, classify and track security errors, secure test data, and perform verification and validation testing. You will also learn to implement software supply chain risk management, aAnalyze security of third-party software, verify pedigree and provenance, ensure and verify supplier security requirements in the acquisition process, and support contractual requirements.