The Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognized level of competence, as defined in a common body of knowledge by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
Upon completing this course, the student will be able to meet these overall objectives:
- The goal of the Security Software Concepts module is to provide the learner with concepts related to the core software security requirements and foundational design principles as they relate to issues of privacy, governance, risk and compliance. Learners will understand the software methodologies needed in order to develop software that is secure and resilient to attacks.
- The goal of the Security Software Requirements module is to provide the learner with concepts related to understanding the importance of identifying and developing software with secure requirements. The learner will be able to incorporate security requirements in the development of software in order to produce software that is reliable, resilient, and recoverable.
- The design phase of Secure Software Development is one of the most important phases in the Software Development Life Cycle. The Security Software Design module will provide the learner with an understanding on how to ensure that software security requirements are included in the design of the software. Learners will gain knowledge of secure design principles and processes, and be exposed to different architectures and technologies for securing software.
- The Security Software Implementation/Coding module will provide the learner with an understanding the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.
- The Security Software Testing module will address issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing should be performed, what are the criteria for testing, concepts related to impact assessment and corrective actions, and understanding the test data lifecycle.
- The Software Acceptance module provides an understanding of the requirements for software acceptance paying specific attention to compliance, quality, functionality, and assurance. Participants will learn about pre- and post- release validation requirements and well as pre-deployment criteria.
- The Software Deployment, Operations, Maintenance and Disposal module provides the learner with knowledge pertaining to the deployment, operations, maintenance, and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient, and recoverable in its prescribed manner.
- The Supply Chain and Software Acquisition module provides the learner with knowledge on how to perform effective assessments on an organizations cyber-supply chain, and describes how security applies to the supply chain and software acquisition process. Learners will understand the importance of supplier sourcing and being able to validate vendor integrity, from third-party vendors, to complete outsourcing. Finally, learners will understand how to manage risk through the adoption of standards and best practices for the proper development, testing, and learning to employ tools and resources necessary to mitigate risk across the entire lifecycle of products.