
Certified Secure Software Lifecycle Professional (CSSLP)

This 5-day training will prepare you for the international Certified Secure Software Lifecycle Professional (CSSLP) title of (ISC)2. You will learn the industry's standard and best practices in developing, managing and maintaining software security.

Certified Secure Software Lifecycle Professional (CSSLP) – mode of study

Option 1: 5-day public training
Option 2: In-company training

Learn to develop, manage and maintain software security

Some 80% of all security breaches are application-related. Application security must therefore be a priority to organizations to protect their business and reputation. According to several studies, application vulnerabilities are ranked the number 1 threat to cybersecurity professionals. It is crucial that anyone involved in the Software Development Lifecycle (SDLC) is knowledgeable and experienced in understanding how to build secure software. In this 5-day training you will be prepared for the international Certified Secure Software Lifecycle Professional (CSSLP) title of (ISC)2.

Globally recognized proficiency in application security with CSSLP

This 5-day Certified Secure Software Lifecycle Professional (CSSLP) training provides you with the expertise to incorporate security practices - authentication, authorization and auditing - into each phase of the SDLC, from software design and implementation to testing and deployment. The CSSLP training will ensure that you have a deep knowledge and understanding of how to build secure software.

Certified Secure Software Lifecycle Professional (CSSLP) – why should you become certified?

In today's interconnected world, security must be included within each phase of the software lifecycle. The Certified Secure Software Lifecycle Professional (CSSLP) Common Body of Knowledge (CBK) contains the largest, most comprehensive collection of best practices, policies, and procedures to ensure a security initiative across all phases of application development, regardless of methodology. Many organizations have already adopted CSSLP as the preferred credential to convey one's expertise in security on the software development lifecycle.

Certified Secure Software Lifecycle Professional (CSSLP) – what will you learn?

This 5-day training provides a comprehensive review of applications, security concepts and best practices, covering the 8 domains of the CSSLP CBK. The CSSLP training will help you:

  • validate your expertise in application security
  • conquer application vulnerabilities, offering more value to your employer
  • demonstrate a working knowledge of application security
  • differentiate and enhance your credibility and marketability on a worldwide scale
  • break the penetrate-and-patch test approach
  • reduce production cost, vulnerabilities and delivery days
  • enhance the credibility of your organization and the development team
  • reduce loss of revenue and reputation due to a breach resulting from insecure software
  • ensure compliance with government or industry regulations

Certified Secure Software Lifecycle Professional (CSSLP) – who needs it?

Each software lifecycle stakeholder is responsible for a certain phase of the SDLC, but all phases must have security built into them. Certified Secure Software Lifecycle Professional (CSSLP) is intended for all stakeholders involved in the process of developing software. Each of the CSSLP domains covers how to build security into the different phases of the lifecycle.

The CSSLP training and certification are therefore meant for all stakeholders within the software lifecycle, like IT managers, security managers, project managers, auditors and software professionals such as software architects, software engineers, application security specialists, software program managers, business analysts, quality assurance testers, penetration testers and software procurement analysts.

Certified Secure Software Lifecycle Professional (CSSLP) – prerequisites

To become a CSSLP you must meet the following requirements:

  • provide proof of 4 years of experience in the SDLC (Software Development Lifecycle) process, or
  • 3 years of experience plus a Bachelor's degree or regional equivalent in an IT discipline, and
  • subscribe to the (ISC)2 Code of Ethics

Do you not have the required application security experience to earn your CSSLP certification?

Earn your experience to become a Certified Secure Software Lifecycle Professional (CSSLP) as an associate of (ISC)2 by successfully passing the CSSLP exam. You will have up to 5 years to earn your experience.

Certified Secure Software Lifecycle Professional (CSSLP) – exam

The (ISC)2 exam to become a Secure Software Lifecycle Professional (CSSLP) is computer-based and proctored by Pearson VUE at over 4,000 global testing centers. The exam takes 4 hours and contains 178 multiple choice questions. The passing grade is 700 out of 1,000 points.

Certified Secure Software Lifecycle Professional (CSSLP) – examination weights

Domain I – Secure Software Concepts (13%)
Domain II – Secure Software Requirements (14%)
Domain III – Secure Software Design (16%)
Domain IV – Secure Software Implementation/ Programming (16%)
Domain V – Secure Software Testing (14%)
Domain VI – Software Lifecycle Management (10%)
Domain VII – Software Deployment, Operations, Maintenance and Disposal (9%)
Domain VIII – Supply Chain and Software Acquisition (8%)

Certified Secure Software Lifecycle Professional (CSSLP) – recertification

The CSSLP credential is valid for a period of 3 years. To maintain your credential you are required to earn 90 CPE credits in this period. If you have already earned another (ISC)2 credential like CISSP, CCSP or CCFP, you will receive 40 CPE credits to maintain your certification.

Certified Secure Software Lifecycle Professional (CSSLP) – level of the training

The Certified Secure Software Lifecycle Professional (CSSLP) training will be held on a Bachelor level.

Certified Secure Software Lifecycle Professional (CSSLP) – courseware

This 5-day CSSLP training consists of theory, practical examples and instructive hands-on sessions. The lab sessions are designed to allow you to utilize the knowledge gained throughout the training. You will receive inspiring courseware.

Certified Secure Software Lifecycle Professional (CSSLP) – limited number of participants

Due to the interactive character of this CSSLP training, and to optimise the benefits from the various exercises, the number of participants is limited.

CSSLP – a natural complement to the CISSP credential

Certified Secure Software Lifecycle Professional (CSSLP) is an international certification incorporating new government-, commercial-, and university-derived secure software development methods and it is a natural complement to the CISSP credential!

About (ISC)2

(ISC)2 is the global non-profit leader in education and certification of cyber information, software and infrastructure security professionals throughout their careers. (ISC)2 provides vendor-neutral education products, career services and gold standard credentials to professionals in over 160 countries. Join this elite network with over 110,000 certified industry professionals worldwide by obtaining the Secure Software Lifecycle Professional (CSSLP) title!


In-company

Certified Secure Software Lifecycle Professional (CSSLP) – in-house

With at least 5 persons, an in-company training on the Secure Software Lifecycle Professional (CSSLP) credential could be your best choice. Are you interested? Please call us at +31 (0)40 246 0220 or send an e-mail to info@imfacademy.com to discuss the possibilities.

Content

Certified Secure Software Lifecycle Professional (CSSLP) – training programme

DOMAIN I
SECURE SOFTWARE CONCEPTS
Understand secure software concepts, methodologies, and implementation within centralized and decentralized environments across the enterprise's computer systems.

  • Core Concepts
  • Security Design Principles

DOMAIN II
SECURE SOFTWARE REQUIREMENTS
Understand the security controls required during the requirements gathering phase of the Secure Software Development Lifecycle.

  • Identify internal and external security requirements
  • Interpret data classification requirements
  • Identify privacy requirements
  • Develop misuse and abuse cases
  • Include security in software requirement specifications
  • Develop security requirement traceability matrix

DOMAIN III
SECURE SOFTWARE DESIGN
Understand the techniques of performing attack surface analysis and conducting threat modeling, as well as being able to identify and review the countermeasures that mitigate risk.

  • Perform threat modeling
  • Define the security architecture
  • Perform secure interface design
  • Perform architectural risk assessment
  • Modeling (non-functional) security properties and constraints
  • Model and classify data
  • Evaluate and select reusable secure design
  • Perform design security review
  • Design secure assembly architecture for component-based systems
  • Use security enhancing architecture and design tools
  • Use secure design principles and patterns

DOMAIN IV
SECURE LIFECYCLE MANAGEMENT
Learn about unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation.

  • Follow secure coding practices
  • Analyze code for security vulnerabilities
  • Implement security controls
  • Fix security vulnerabilities
  • Look for malicious code
  • Securely reuse third party code or libraries
  • Securely integrate components
  • Apply security during the build process
  • Debug security errors
  • Perform design security review
  • Design secure assembly architecture for component-based systems
  • Use security enhancing architecture and design tools
  • Use secure design principles and patterns

DOMAIN V
SECURE SOFTWARE TESTING
Know the standards for software quality assurance, and understand the concepts of functional and security testing, interoperability testing, bug tracking and testing of high priority code.

  • Develop security test cases
  • Develop security testing strategy and plan
  • Identify undocumented functionality
  • Interpret security implications of test results
  • Classify and track security errors
  • Secure test data
  • Develop or obtain security test data
  • Perform verification and validation testing

DOMAIN VI
SOFTWARE LIFECYCLE MANAGEMENT
Know the methods for determining completion criteria, risk acceptance and documentation (e.g., DRP and BCP), common criteria and methods of independent testing.

  • Secure configuration and version control
  • Establish security milestones
  • Choose a secure software methodology
  • Identify security standards and frameworks
  • Create security documentation
  • Develop security metrics
  • Decommission software
  • Report security status
  • Support governance, risk and compliance (GRC)

DOMAIN VII
SOFTWARE DEPLOYMENT, OPERATIONS, MAINTENANCE AND DISPOSAL
Know how to evaluate reports of vulnerabilities and release security advisories and updates when appropriate. Know how to conduct a post-mortem of reported vulnerabilities and take action as necessary, be familiar with procedures and security measures when a product reaches its end of life.

  • Perform implementation risk analysis
  • Release software securely
  • Securely store and manage security data
  • Ensure secure installation
  • Perform post-deployment security testing
  • Obtain security approval to operate
  • Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
  • Support incident response
  • Support patch and vulnerability management
  • Support continuity of operations

DOMAIN VIII
SUPPLY CHAIN AND SOFTWARE ACQUISITION
Know how to establish a process for interacting with suppliers on issues such as vulnerability management, service level agreement (SLA) monitoring, and chain of custody throughout the source code development and maintenance lifecycle.

  • Analyze security of third party software
  • Verify pedigree and provenance
  • Provide security support to the acquisition process


Trainer(s)

Certified Secure Software Lifecycle Professional (CSSLP) – trainer

The trainer of this 5-day Certified Secure Software Lifecycle Professional (CSSLP) training is a very experienced instructor.

Start date(s)

The Certified Secure Software Lifecycle Professional (CSSLP) training consists of 5 days from 09.00 hrs - 17.00 hrs and will take place near Utrecht (the Netherlands) on the following dates:

Certified Secure Software Lifecycle Professional (CSSLP) - training I

  • 12 - 16 November 2018

Fee / Registration

The fee for the Certified Secure Software Lifecycle Professional (CSSLP) training is € 3,500 (VAT excl.) per person. The fee includes all lunches, coffee/tea, training materials and hands-on sessions. The costs of the Certified Secure Software Lifecycle Professional (CSSLP) exam are not included and will be approx. € 550,- per person.

*USD price is an approximate value. The actual USD price is based on the invoice date's exchange rate.





Terms & conditions
In case you are not able to attend, delegate substitution may be made up until 3 days before the start date of the CSSLP training without any additional charge. Written cancellations will be accepted up to 4 weeks prior to the starting date of the Certified Secure Software Lifecycle Professional (CSSLP) training:
  • For cancellations up to 4 weeks before the start of the CSSLP training, we will charge € 95 for administration costs plus the costs for already received training materials.
  • For cancellations between 4 and 2 weeks before the start of the CSSLP training, we will charge 25% of the training fee, € 95 for administration costs plus the costs for already received training materials.
  • For cancellations within 2 weeks before the start of the CSSLP training, we will charge 75% of the training fee, € 95 for administration costs plus the costs for already received training materials.

Payment
Payment for training fees must be received before the start of the Certified Secure Software Lifecycle Professional (CSSLP) training, though always within 30 days of the invoice date.
