CSSLP Training Course Outline
Software Security
This course is designed for software professionals who have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment. Led by an (ISC)² authorized instructor, this training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the following eight domains of the CSSLP Common Body of Knowledge (CBK®).
Who Should Attend
The training seminar is ideal for those working in positions such as but not limited to:
- Software Architect
- Software Engineer
- Software Developer
- Application Security Specialist
- Software Program Manager
- Quality Assurance Tester
- Penetration Tester
- Software Procurement Analyst
- Project Manager
- Security Manager
- IT Director/Manager
Course Agenda
- Domain 1. Secure Software Concepts
- Domain 2. Secure Software Requirements
- Domain 3. Secure Software Architecture and Design
- Domain 4. Secure Software Implementation
- Domain 5. Secure Software Testing
- Domain 6. Secure Software Lifecycle Management
- Domain 7. Secure Software Deployment, Operations, Maintenance
- Domain 8. Secure Software Supply Chain
Please Note: Effective September 15, 2023, the CSSLP exam will be based on a new exam outline. Please refer to the CSSLP Exam Outline and FAQs for details.
Course Delivery Methods
Course Objectives
At the end of this course, learners will be able to:
- Discuss the core concepts of software security and the foundational principles that drive construction of resilient software.
- Discuss the security design principles as essential elements for building secure software.
- Discuss software security standards and frameworks, roadmaps and strategies, and risk management.
- Explain security in software development methodologies, security metrics and security culture in software development.
- Identify and analyze software requirements pertaining to data privacy, security and compliance with laws and regulations.
- Describe requirement specification and traceability, misuse and abuse cases, and flow-down of security requirements to suppliers.
- Explain secure architecture and design elements and patterns, architectural risk assessment, threat modeling, threat intelligence and attack surface evaluation.
- Explain security architecture and control identification, prioritization and positioning.
- Apply secure coding practices, analyze code for security risks and implement security controls.
- Discuss third-party code and libraries, software composition analysis and security of the build process.
- Discuss the security testing strategy and plan, and analyze security testing methods.
- Discuss validation and verification, security test results and tracking security errors.
- Describe secure software integration and deployment, security data and post-deployment security testing.
- Recognize various security-relevant maintenance activities and discuss planning for the continuity of operations.
- Discuss software supply chain risks and analyze security of third-party software.
- Explain supplier security requirements in the acquisition process and support for contractual requirements.