Certified Secure Software Lifecycle Professional (CSSLP) Boot Camp | Course Outline | ATG Learning

Course Outline

Certified Secure Software Lifecycle Professional (CSSLP) Boot Camp

CISP-1002 | Day | 5 Days
Bootcamp day course times are 9am - 6pm. Bootcamp night course times are 6pm - 10pm.

The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices (authentication, authorization and auditing) into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment.

Upcoming Dates:

  • May 13, 2024 - May 17, 2024
  • Jul 22, 2024 - Jul 26, 2024
  • Sep 23, 2024 - Sep 27, 2024
  • Nov 11, 2024 - Nov 15, 2024

Who should take this course

Course Objectives

The broad spectrum of topics included in the CSSLP Common Body of Knowledge (CBK) ensures its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following eight domains:

Course Outline

Domain 1: Secure Software Concepts

1.1 Core Concepts

1.2 Security Design Principles

Domain 2: Secure Software Requirements

2.1 Identify Security Requirements

2.2 Interpret Data Classification Requirements

2.3 Identify Privacy Requirements

2.4 Develop Misuse and Abuse Cases

2.5 Include Security in Software Requirement Specifications

2.6 Develop Security Requirement Traceability Matrix

Domain 3: Secure Software Design

3.1 Perform Threat Modeling

3.2 Define the Security Architecture

3.3 Performing Secure Interface Design

3.4 Performing Architectural Risk Assessment

3.5 Modeling (Non-Functional) Security Properties and Constraints

3.6 Model and Classify Data

3.7 Evaluate and Select Reusable Secure Design

3.8 Perform Design Security Review

3.9 Design Secure Assembly Architecture for Component-Based Systems

3.10 Use Security Enhancing Architecture and Design Tools

3.11 Use Secure Design Principles and Patterns

Domain 4: Secure Software Implementation/Programming

4.1 Follow Secure Coding Practices

4.2 Analyze Code for Security Vulnerabilities

4.3 Implement Security Controls

4.4 Fix Security Vulnerabilities

4.5 Look for Malicious Code

4.6 Securely Reuse Third Party Code or Libraries

4.7 Securely Integrate Components

4.8 Apply Security during the Build Process

4.9 Debug Security Errors

Domain 5: Secure Software Testing

5.1 Develop Security Test Cases

5.2 Develop Security Testing Strategy and Plan

5.3 Identify Undocumented Functionality

5.4 Interpret Security Implications of Test Results

5.5 Classify and Track Security Errors

5.6 Secure Test Data

5.7 Develop or Obtain Security Test Data

5.8 Perform Verification and Validation Testing (e.g., IV&V)

Domain 6: Secure Lifecycle Management

6.1 Secure Configuration and Version Control

6.2 Establish Security Milestones

6.3 Choose a Secure Software Methodology

6.4 Identify Security Standards and Frameworks

6.5 Create Security Documentation

6.6 Develop Security Metrics

6.7 Decommission Software

6.8 Report Security Status

6.9 Support Governance, Risk, and Compliance (GRC)

Domain 7: Software Deployment, Operations, and Maintenance

7.1 Perform Implementation Risk Analysis

7.2 Release Software Securely

7.3 Securely Store and Manage Security Data

7.4 Ensure Secure Installation

7.5 Perform Post-Deployment Security Testing

7.6 Obtain Security Approval to Operate

7.7 Perform Security Monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)

7.8 Support Incident Response

7.9 Support Patch and Vulnerability Management

7.10 Support Continuity of Operations

Domain 8: Supply Chain and Software Acquisition

8.1 Analyze Security of Third Party Software

8.2 Verify Pedigree and Provenance

8.3 Provide Security Support to the Acquisition Process