Course Overview
Official ISC2® CSSLP® CBK® Training Seminar
This official training seminar is your exclusive way to learn security best practices and industry standards for the software lifecycle, critical information for the CSSLP. Through this program you will gain knowledge and learn how security should be built into each phase of the software lifecycle. It also details essential security measures that should take place, beginning with the requirements phase, through software specification and design, software testing and ultimately disposal.
This intense program provides an in-depth breakdown of the CSSLP domains, while identifying key study areas, including:
- Official (ISC)² courseware
- Taught by an authorized ISC2 instructor
- Student handbook
- Real-world case studies and examples
Who should attend
- Software Architect
- Software Engineer
- Software Developer
- Application Security Specialist
- Software Program Manager
- Quality Assurance Tester
- Penetration Tester
- Software Procurement Analyst
- Project Manager
- Security Manager
- IT Director/Manager
Course Objectives
The CSSLP Helps You:
- Validate your expertise in application security.
- Conquer application vulnerabilities, offering more value to your employer.
- Demonstrate a working knowledge of application security.
- Differentiate and enhance your credibility and marketability on a worldwide scale.
- Affirm your commitment to continued competence in the most current best practices through (ISC)²'s Continuing Professional Education (CPE) requirements.
The CSSLP Helps Employers:
- Break the penetrate-and-patch approach to testing.
- Reduce production cost, vulnerabilities and delivery delays.
- Enhance the credibility of your organization and its development team.
- Reduce loss of revenue and reputation due to a breach resulting from insecure software.
- Ensure compliance with government or industry regulations.
Course Content
Secure Software Concepts – security implications and methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
- Core Concepts
- Security Design Principles
- Privacy
- Governance, Risk and Compliance
- Software Development Methodologies
Secure Software Requirements – capturing security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
- Policy Decomposition
- Data Classification & Categorization
- Functional Requirements
- Operational Requirements
Secure Software Design – translating security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
- Design Processes
- Design Considerations
- Securing Commonly Used Architecture
- Technologies
Secure Software Implementation/Coding – the application of coding and testing standards, applying security testing tools including fuzzing and static-analysis code scanning tools, and conducting code reviews.
- Declarative versus Imperative (Programmatic) Security
- Vulnerability Database / Lists
- Defensive Coding Practices and Controls
- Source Code and Versioning
- Development and Build Environment
- Code / Peer Review
- Code Analysis
- Anti-tampering Techniques
Secure Software Testing – integrated QA testing for security functionality and resiliency to attack.
- Testing Artifacts
- Testing for Security and Quality Assurance
- Types of Testing
- Impact Assessment and Corrective Action
- Test Data Lifecycle Management
Software Acceptance – security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.
- Pre-Release or Pre-Deployment
- Post-Release
Software Deployment, Operations, Maintenance and Disposal – security issues around steady state operations and management of software. Security measures that must be taken when a product reaches its end of life.
- Installation and Deployment
- Operations and Maintenance
- Software Disposal
Supply Chain & Software Acquisition – provides a holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.
- Supplier Risk Assessment
- Supplier Sourcing
- Software Development Test
- Software Delivery, Operations & Maintenance
- Supplier Transitioning
Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previously known, rediscovered threats. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws, and that a clear shortage of qualified professionals with application security skills exists. Without action, this soft underbelly of business and governmental entities has been and will continue to be exposed with serious consequences—data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create.
The Certified Secure Software Lifecycle Professional (CSSLP) certification validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle, from software design and implementation to testing and deployment.