Overview

Ensuring secure software development requires specific cybersecurity talent and leadership. Organizational needs drive the design and requirements for security in software, and development must consider both business and security goals from the beginning of the lifecycle. In this course, you will: - Connect core security concepts and objectives to software development.   - Explain the incorporation of security practices into the SDLC processes.    - Identify components to address security and privacy requirements for secure software development.  - Recognize concepts and frameworks that support secure software architecture and design.   - Identify approaches for implementing security in managed software development.    - Explain common techniques and components of secure software testing.     - Identify principles and practices of secure software deployment, operations, and maintenance.   - Identify security principles and requirements for software acquisition and the software supply chain.   Who should take this course? Information technology and cybersecurity professionals who wish to learn the foundations of applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in or pursuing the following positions: - Software Architect - Software Engineer - Software Developer - Application Security Specialist - Software Program Manager - Quality Assurance Tester - Penetration Tester - Software Procurement Analyst - Project Manager - Security Manager - IT Director/Manager

Syllabus

Introduction
Secure Software Concepts

Core security objectives of confidentiality, integrity  and availability (CIA), as well as privacy,  drive the requirements for  security in software.   Secure design principles define practices that can guide decisions at the architecture level regardless of the platform and regardless of the programming language. These principles lay the foundation for building secure software.

Secure Software Life Cycle Management

Organizations follow different approaches to develop software, but security must be integrated throughout the process. This module explores compliance challenges, risk management, secure configuration, and best practices for protecting software across its entire life cycle.

Secure Software Requirements

Good software security begins with an organizational structure that defines and addresses requirements. Establishing these expectations upfront helps reduce the need for excessive production security safeguards later in the life cycle.

Secure Software Architecture and Design

The design phase is where critical decisions shape both functionality and security. Strong architecture and thoughtful planning help reduce risks and create a solid foundation for secure software.

Secure Software Implementation

The implementation phase is one of the most important phases of the software development life cycle. Organizations that develop software should establish and enforce secure coding standards and ensure robust input validation, output encoding, authentication, session management, access control, and error management.

Secure Software Testing

Testing ensures software works as intended and can withstand misuse or attacks. Security testing plays a critical role by identifying vulnerabilities early and reducing risk before release.

Secure Software Deployment, Operations, and Maintenance

Deployment and integration are critical moments for security. Strong controls, secure configurations, and ongoing monitoring help protect systems and maintain operational integrity.

Secure Software Supply Chain

Outsourcing and third-party software can speed development but also increase exposure to vulnerabilities. Strong controls and careful oversight help safeguard the supply chain and critical assets.

Course Conclusion

ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our certified members and associates are a force for good, safeguarding the way we live. Our certifications enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. Becoming a certified secure software life cycle professional through the CSSLP shows employers and peers that you have the advanced technical skills and knowledge necessary to implement best practices, policies, and procedures throughout the SDLC.