CSSLP® - Certified Secure Software Lifecycle Professional

CSRCIND offers online training in Information Security and Cyber Security.


The Certified Secure Software Lifecycle Professional (CSSLP) is a vendor-neutral certification that tests and validates an individual's ability to implement security within the software development lifecycle. It certifies individuals who apply secure techniques and processes when developing software applications. A CSSLP-certified individual can implement security controls, processes and policies throughout the development process.


To be considered for the CSSLP® credential, candidates are required to have a minimum of four (4) years of cumulative paid full-time Software Development Lifecycle (SDLC) professional work experience in two or more of the eight domains of the (ISC)2 CSSLP® CBK®. Candidates who hold an active certification that appears on the (ISC)2 approved list may receive a one (1) year experience waiver. Alternatively, a four (4) year Bachelor's degree in any IT/CS field may be substituted for one year of experience. No more than 1 year of total experience may be waived.

CSSLP® - Online Training Course Content


  • CSSLP Introduction
      • Introduction
      • Objectives
      • Benefits
  • Secure Software Concepts
      • Concepts of secure software
      • Principles of secure design
      • Security and Privacy
      • Governance, Risk, and Compliance
  • Security Software Requirements
      • Policy decomposition
      • Classification and categorization
      • Functional requirements - Use cases and abuse cases
      • Secure software operational requirements
  • Secure Software Design
      • Importance of secure design
      • Design considerations
      • The design process
      • Securing commonly used architecture
  • Secure Software Coding
      • Fundamental programming concepts
      • Vulnerability databases and lists
      • Defensive coding practices and controls
      • Secure software processes
  • Security Software Testing
      • Artifacts of testing
      • Testing for security and quality assurance
      • Types of testing
      • Test Data Lifecycle Management
  • Software Acceptance
      • Software acceptance considerations
      • Post-release
  • Software Deployment, Operation, Maintenance and Disposal
      • Installation and deployment
      • Operations and maintenance
      • Disposal of software
  • Supply Chain Risk and Software Acquisition
      • Supplier Risk Assessment
      • Supplier Sourcing
      • Software Development and Test
      • Software Delivery, Operations and Maintenance
      • Supplier Transitioning