Certified Secure Software Lifecycle Professional (CSSLP)

BY
Infosec Train

Develop the advanced skills required to design, implement and develop security practices within every SDLC phase by enrolling in this programme.

Mode: Online

Quick Facts

  • Medium of instruction: English
  • Mode of learning: Self study, Virtual Classroom
  • Mode of delivery: Video and Text Based

Course overview

Contrary to popular belief, software development is not just about coding; it also involves writing secure code that closes system vulnerabilities. The Certified Secure Software Lifecycle Professional training is designed for software and security professionals who want to apply best practices in each phase of the software development lifecycle.

What’s more, the Certified Secure Software Lifecycle Professional (CSSLP) programme covers all 8 domains included in the CSSLP certification. The chapters and modules are structured in a way that they are easy to comprehend. You will get 40 hours of training with expert and experienced instructors, along with access to recordings of the sessions and training from the Infosec Train platform.

Certified Secure Software Lifecycle Professional (CSSLP) by Infosec Train provides you with excellent guidance to clear the certification exam. You learn from trainers who are among the best in the industry. Hence, it will aid your career advancement and help you land jobs with improved packages.

The highlights

  • Free demo class
  • Flexible Schedule
  • 40 hours of instructor-led training
  • Recorded sessions provided
  • Technical support after training
  • Tailor-made training and sessions
  • Experienced and certified trainers

Program offerings

  • Certified instructors
  • Free demo class
  • 1-to-1 training
  • Instructor-led training
  • Technical support after training
  • Training certificate
  • Recordings of sessions
  • Customised training

Course and certificate fees

  • Certificate availability: Yes
  • Certificate providing authority: Infosec Train

Who it is for

The Certified Secure Software Lifecycle Professional program caters to the following professionals:

Eligibility criteria

To take the Certified Secure Software Lifecycle Professional exam, you must have 4+ years of work experience in the SDLC and one or more domains of the CSSLP CBK. Alternatively, you can attempt the exam with 3 years of experience in the SDLC and one or more domains of the CSSLP CBK plus a 4-year Baccalaureate degree in Computer Science.

You must appear for the 3-hour-long test to qualify for the Certified Secure Software Lifecycle Professional certificate and obtain 700 out of 1000 marks to pass the exam.

What you will learn

Software management

After finishing Infosec Train’s Certified Secure Software Lifecycle Professional syllabus, you will have learned the following:

  • Secure software concepts
  • Secure software testing
  • Software security requirements
  • Secure software supply chain
  • Secure Software architecture and design
  • Secure software implementation
  • Secure software lifecycle management

The syllabus

Domain 1: Secure Software Concepts

Understand Core Concepts
  • Confidentiality (e.g., Encryption)
  • Integrity (e.g., Hashing, Digital Signatures, Code Signing, Reliability, Modifications, Authenticity)
  • Availability (e.g., Redundancy, Replication, Clustering, Scalability, Resiliency)
  • Authentication (e.g., Multi-Factor Authentication (MFA), Identity & Access Management (IAM), Single Sign-On (SSO), Federated Identity, Biometrics)
  • Authorization (e.g., Access Controls, Permissions, Entitlements)
  • Accountability (e.g., Auditing, Logging)
  • Nonrepudiation (e.g., Digital Signatures, Blockchain)
  • Governance, Risk and Compliance (GRC) Standards (e.g., Regulatory Authority, Legal, Industry)
Understand Security Design Principles
  • Least Privilege (e.g., Access Control, Need-to-Know, Run-Time Privileges, Zero Trust)
  • Segregation of Duties (SoD) (e.g., Multi-Party Control, Secret Sharing, Split Knowledge)
  • Defense in Depth (e.g., Layered Controls, Geographical Diversity, Technical Diversity, Distributed Systems)
  • Resiliency (e.g., Fail Safe, Fail Secure, No Single Point of Failure, Failover)
  • Economy of Mechanism (e.g., Single Sign-On (SSO), Password Vaults, Resource Efficiency)
  • Complete Mediation (e.g., Cookie Management, Session Management, Caching of Credentials)
  • Open Design (e.g., Kerckhoffs’s Principle, Peer Review, Open Source, Crowd Source)
  • Least Common Mechanism (e.g., Compartmentalization/Isolation, Allow/Accept List)
  • Psychological Acceptability (e.g., Password Complexity, Passwordless Authentication, Screen Layouts, Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA))
  • Component Reuse (e.g., Common Controls, Libraries)

Domain 2: Secure Software Lifecycle Management

Manage Security within a Software Development Methodology
Identify and Adopt Security Standards
Outline Strategy and Roadmap
  • Security Milestones and Checkpoints (e.g., Control Rate, Break/Build Criteria)
Define and Develop Security Documentation
Decommission Applications
  • End of Life (EOL) Policies (e.g., Credential Removal, Configuration Removal, License Cancellation, Archiving, Service-Level Agreements (SLA))
  • Data Disposition (e.g., Retention, Destruction, Dependencies)
Create Security Reporting Mechanisms
Incorporate Integrated Risk Management Methods
  • Regulations, Standards and Guidelines (e.g., International Organization for Standardization (ISO), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST), Open Web Application Security Project (OWASP), Software Assurance Forum for Excellence in Code (SAFECode), Software Assurance Maturity Model (SAMM), Building Security in Maturity Model (BSIMM))
  • Legal (e.g., Intellectual Property, Breach Notification)
  • Risk Management (e.g., Risk Assessment, Risk Analysis)
  • Technical Risk vs. Business Risk
Implement Secure Operation Practices
  • Change Management Process
  • Incident Response Plan
  • Verification and Validation
  • Assessment and Authorization (A&A) Process

Domain 3: Secure Software Requirements

Define Software Security Requirements
  • Functional (e.g., Business Requirements, Use Cases, Stories)
  • Non-Functional (e.g., Security, Operational, Continuity, Deployment)
Identify Compliance Requirements
  • Regulatory Authority
  • Legal
  • Industry-Specific (e.g., Defense, Healthcare, Commercial, Financial, Payment Card Industry (PCI))
  • Company-Wide (e.g., Development Tools, Standards, Frameworks, Protocols)
Identify Data Classification Requirements
  • Data Ownership (e.g., Data Dictionary, Data Owner, Data Custodian)
  • Data Labeling (e.g., Sensitivity, Impact)
  • Data Types (e.g., Structured, Unstructured)
  • Data Lifecycle (e.g., Generation, Storage, Retention, Disposal)
  • Data Handling (e.g., Personally Identifiable Information (PII), Publicly Available Information)
Identify Privacy Requirements
  • Data Collection Scope
  • Data Anonymization (e.g., Pseudo Anonymous, Fully Anonymous)
  • User Rights (Legal) and Preferences (e.g., Data Disposal, Right to be Forgotten, Marketing Preferences, Sharing and Using Third Parties, Terms of Service)
  • Data Retention (e.g., How Long, Where, What)
  • Cross-Border Requirements (e.g., Data Residency, Jurisdiction, Multi-National Data Processing Boundaries)
Define Data Access Provisioning
  • User Provisioning
  • Service Accounts
  • Reapproval Process
Develop Misuse and Abuse Cases
  • Mitigating Control Identification
Develop Security Requirement Traceability Matrix
Define Third-Party Vendor Security Requirements

Domain 4: Secure Software Architecture and Design

Define the Security Architecture
  • Secure Architecture and Design Patterns (e.g., Sherwood Applied Business Security Architecture (SABSA), Security Chain of Responsibility, Federated Identity)
  • Security Controls Identification and Prioritization
  • Distributed Computing (e.g., Client Server, Peer-to-Peer (P2P), Message Queuing, N-Tier)
  • Service-Oriented Architecture (SOA) (e.g., Enterprise Service Bus, Web Services, Microservices)
  • Rich Internet Applications (e.g., Client-Side Exploits or Threats, Remote Code Execution, Constant Connectivity)
  • Pervasive/Ubiquitous Computing (e.g., Internet of Things (IoT), Wireless, Location-Based, Radio-Frequency Identification (RFID), Near Field Communication (NFC), Sensor Networks, Mesh)
  • Embedded Software (e.g., Secure Boot, Secure Memory, Secure Update)
  • Cloud Architectures (e.g., Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS))
  • Mobile Applications (e.g., Implicit Data Collection Privacy)
  • Hardware Platform Concerns (e.g., Side-Channel Mitigation, Speculative Execution Mitigation, Secure Element, Firmware, Drivers)
  • Cognitive Computing (e.g., Artificial Intelligence (AI), Virtual Reality, Augmented Reality)
  • Industrial Internet of Things (IoT) (e.g., Facility-Related, Automotive, Robotics, Medical Devices, Software-Defined Production Processes)
Perform Secure Interface Design
  • Security Management Interfaces, Out-of-Band Management, Log Interfaces
  • Upstream/Downstream Dependencies (e.g., Key and Data Sharing Between Apps)
  • Protocol Design Choices (e.g., Application Programming Interfaces (API), Weaknesses, State, Models)
Evaluate and Select Reusable Technologies
  • Credential Management (e.g., X.509, Single Sign-On (SSO))
  • Flow Control (e.g., Proxies, Firewalls, Protocols, Queuing)
  • Data Loss Prevention (DLP)
  • Virtualization (e.g., Infrastructure as Code (IaC), Hypervisor, Containers)
  • Trusted Computing (e.g., Trusted Platform Module (TPM), Trusted Computing Base (TCB))
  • Database Security (e.g., Encryption, Triggers, Views, Privilege Management, Secure Connections)
  • Programming Language Environment (e.g., Common Language Runtime, Java Virtual Machine (VM), Python, PowerShell)
  • Operating System (OS) Controls and Services
  • Secure Backup and Restoration Planning
  • Secure Data Retention, Retrieval, and Destruction
Perform Threat Modeling
  • Threat Modeling Methodologies (e.g., Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE), Process for Attack Simulation and Threat Analysis (PASTA), Hybrid Threat Modeling Method, Common Vulnerability Scoring System (CVSS))
  • Common Threats (e.g., Advanced Persistent Threat (APT), Insider Threat, Common Malware, Third-Party Suppliers)
  • Attack Surface Evaluation
  • Threat Analysis
  • Threat Intelligence (e.g., Identify Credible Relevant Threats, Predict)
Perform architectural risk assessment and design reviews
Model (non-functional) security properties and constraints
Define secure operational architecture (e.g., deployment topology, operational interfaces, Continuous Integration and Continuous Delivery (CI/CD))

Domain 5: Secure Software Implementation

Adhere to Relevant Secure Coding Practices (e.g., Standards, Guidelines, Regulations)
  • Declarative Versus Imperative (Programmatic) Security
  • Concurrency (e.g., Thread Safety, Database Concurrency Controls)
  • Input Validation and Sanitization
  • Error and Exception Handling
  • Output Sanitization (e.g., Encoding, Obfuscation)
  • Secure Logging & Auditing (e.g., Confidentiality, Privacy)
  • Session Management
  • Trusted/Untrusted Application Programming Interfaces (API), and Libraries
  • Resource Management (e.g., Compute, Storage, Network, Memory Management)
  • Secure Configuration Management (e.g., Baseline Security Configuration, Credentials Management)
  • Tokenization
  • Isolation (e.g., Sandboxing, Virtualization, Containerization, Separation Kernel Protection Profiles)
  • Cryptography (e.g., Payload, Field Level, Transport, Storage, Agility, Encryption, Algorithm Selection)
  • Access Control (e.g., Trust Zones, Function Permissions, Role-Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC))
  • Processor Microarchitecture Security Extensions
Analyze Code for Security Risks
  • Secure Code Reuse
  • Vulnerability Databases/Lists (e.g., Open Web Application Security Project (OWASP) Top 10, Common Weakness Enumerations (CWE), SANS Top 25 Most Dangerous Software Errors)
  • Static Application Security Testing (SAST) (e.g., Automated Code Coverage, Linting)
  • Manual Code Review (e.g., Peer Review)
  • Inspect for Malicious Code (e.g., Backdoors, Logic Bombs, High Entropy)
Implement Security Controls (e.g., Watchdogs, File Integrity Monitoring, Anti-Malware)
Address the Identified Security Risks (e.g., Risk Strategy)
Evaluate and Integrate Components
  • Systems-of-Systems Integration (e.g., Trust Contracts, Security Testing, Analysis)
  • Reusing Third-Party Code or Open-Source Libraries in a Secure Manner (e.g., Software Composition Analysis)
Apply Security During the Build Process
  • Anti-Tampering Techniques (e.g., Code Signing, Obfuscation)
  • Compiler Switches
  • Address Compiler Warnings

Domain 6: Secure Software Testing

Develop Security Testing Strategy & Plan
  • Standards (e.g., International Organization for Standardization (ISO), Open Source Security Testing Methodology Manual, Software Engineering Institute)
  • Functional Security Testing (e.g., Logic)
  • Non-Functional Security Testing (e.g., Reliability, Performance, Scalability)
  • Testing Techniques (e.g., Known Environment Testing, Unknown Environment Testing, Functional Testing, Acceptance Testing)
  • Testing Environment (e.g., Interoperability, Test Harness)
  • Security Researcher Outreach (e.g., Bug Bounties)
Develop Security Test Cases
  • Attack Surface Validation
  • Automated Vulnerability Testing (e.g., Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST))
  • Penetration Tests (e.g., Security Controls, Known Vulnerabilities, Known Malware)
  • Fuzzing (e.g., Generated, Mutated)
  • Simulation (e.g., Simulating Production Environment and Production Data, Synthetic Transactions)
  • Failure (e.g., Fault Injection, Stress Testing, Break Testing)
  • Cryptographic Validation (e.g., Pseudorandom Number Generators, Entropy)
  • Unit Testing and Code Coverage
  • Regression Tests
  • Integration Tests
  • Continuous Testing
  • Misuse and Abuse Test Cases
Verify and Validate Documentation (e.g., Installation and Setup Instructions, Error Messages, User Guides, Release Notes)
Identify Undocumented Functionality
Analyze Security Implications of Test Results (e.g., Impact on Product Management, Prioritization, Break/Build Criteria)
Classify and Track Security Errors
  • Bug Tracking (e.g., Defects, Errors, and Vulnerabilities)
  • Risk Scoring (e.g., Common Vulnerability Scoring System (CVSS))
Secure Test Data
  • Generate Test Data (e.g., Referential Integrity, Statistical Quality, Production Representative)
  • Reuse of Production Data (e.g., Obfuscation, Sanitization, Anonymization, Tokenization, Data Aggregation Mitigation)
Perform Verification and Validation Testing (e.g., Independent/Internal Verification and Validation, Acceptance Test)

Domain 7: Secure Software Deployment, Operations, Management

Perform Operational Risk Analysis
  • Deployment Environment (e.g., Staging, Production, Quality Assurance (QA))
  • Personnel Training (e.g., Administrators vs. Users)
  • Legal Compliance (e.g., Adherence to Guidelines, Regulations, Privacy Laws, Copyright, etc.)
  • System Integration
Secure Configuration and Version Control
  • Hardware
  • Baseline Configuration
  • Version Control/Patching
  • Documentation Practices
Release Software Securely
  • Secure Continuous Integration and Continuous Delivery (CI/CD) Pipeline (e.g., DevSecOps)
  • Application Security Toolchain
  • Build Artifact Verification (e.g., Code Signing, Hashes)
Store and Manage Security Data
  • Credentials
  • Secrets
  • Keys/Certificates
  • Configurations
Ensure Secure Installation
  • Secure Boot (e.g., Key Generation, Access, Management)
  • Least Privilege
  • Environment Hardening (e.g., Configuration Hardening, Secure Patch/Updates, Firewall)
  • Secure Provisioning (e.g., Credentials, Configuration, Licensing, Infrastructure as Code (IaC))
  • Security Policy Implementation
Obtain Security Approval to Operate (e.g., Risk Acceptance, Sign-Off at Appropriate Level)
Perform Information Security Continuous Monitoring
  • Observable Data (e.g., Logs, Events, Telemetry, Trace Data, Metrics)
  • Threat Intelligence
  • Intrusion Detection/Response
  • Regulation and Privacy Changes
  • Integration Analysis (e.g., Security Information and Event Management (SIEM))
Execute the Incident Response Plan
  • Incident Triage
  • Forensics
  • Remediation
  • Root Cause Analysis
Perform Patch Management (e.g., Secure Release, Testing)
Perform Vulnerability Management (e.g., Tracking, Triaging, Common Vulnerabilities and Exposures (CVE))
Incorporate Runtime Protection (e.g., Runtime Application Self Protection (RASP), Web Application Firewall (WAF), Address Space Layout Randomization (ASLR), Dynamic Execution Prevention)
Support Continuity of Operations
  • Backup, Archiving, Retention
  • Disaster Recovery Plan (DRP)
  • Resiliency (e.g., Operational Redundancy, Erasure Code, Survivability, Denial-of-Service (DoS))
  • Business Continuity Plan (BCP)
Integrate Service Level Objectives and Service-Level Agreements (SLA) (e.g., Maintenance, Performance, Availability, Qualified Personnel)

Domain 8: Secure Software Supply Chain

Implement Software Supply Chain Risk Management (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST))
  • Identification and Selection of the Components
  • Risk Assessment of the Components (e.g., Mitigate, Accept)
  • Maintaining Third-Party Components List (e.g., Software Bill of Materials)
  • Monitoring for Changes and Vulnerabilities
Analyze Security of Third-Party Software
  • Certifications
  • Assessment Reports (e.g., Cloud Controls Matrix)
  • Origin and Support

Admission details

  • Access the Certified Secure Software Lifecycle Professional (CSSLP) course webpage.
  • Choose any of the learning methods and click the ‘Enroll Now’ option.
  • Fill in the details before you click on ‘submit now’.

Filling the form

There is no elaborate form for registering for the Certified Secure Software Lifecycle Professional certification course. However, you must enter your full name, an active email address, phone number and country to enroll. Then, type a comment explaining the kind of training required before you submit the form.

Evaluation process

The Certified Secure Software Lifecycle Professional exam lasts 3 hours and consists of 125 multiple-choice questions. You are required to score 700 out of 1000 to pass the exam.

How it helps

The Certified Secure Software Lifecycle Professional training will help you stand out in the industry and help you land jobs with better salaries. The course will also provide valuable guidance to clear the certification exam.

Instructors

Mr Prabh Nair
Instructor
Freelancer

FAQs

Is this course suited for Software Engineers?

Yes, the Certified Secure Software Lifecycle Professional course is suitable for Software Engineers.

Will there be any technical support after completing the training?

Infosec Train provides technical support after completing the training.

How many hours of expert training are provided in the course?

The course provides 40 hours of training with instructors.

Who will be the course advisor for this programme?

The course advisor for Certified Secure Software Lifecycle Professional by Infosec Train will be Prabh Nair, a certified security specialist with years of experience.

Is the CSSLP exam available in multiple languages?

No, the CSSLP exam is only available in English for now.
