CSSLP – Certified Secure Software Lifecycle Professional Training

Learn the best practices, policies, and procedures to ensure a security initiative across all phases of application development in this official (ISC)2 course.

This course is designed to take you through all aspects of the secure software lifecycle incorporating planning, designing, developing, acquiring, testing, deploying, maintaining, and managing software. You will learn a series of software methodologies to develop software that is secure and resilient to attacks while meeting software requirements for compliance, quality, functionality and assurance through design principles and processes. Participants will gain programming concepts that can effectively protect software from vulnerabilities. You will gain skills to manage risk through the adoption of standards and best practices for the proper development, testing, and learning to employ tools and resources necessary to mitigate risk across the entire lifecycle of products all while preparing for the official (ISC)2 CSSLP exam.

This course is your one source for exam preparation and includes:

  • Official (ISC)2 Guide to the CSSLP Common Body of Knowledge® (CBK)
  • Official (ISC)2 CSSLP Training Handbook
  • Official (ISC)2 CSSLP Flash Cards
  • CSSLP Certification Exam Voucher


CSSLP® – Certified Secure Software Lifecycle Professional


Employees of federal, state and local governments; and businesses working with the government.

What You’ll Learn

In-depth coverage of the eight domains required to pass the CSSLP exam:

  1. Secure Software Concepts
  2. Security Software Requirements
  3. Secure Software Design
  4. Secure Software Implementation/Coding
  5. Secure Software Testing
  6. Software Acceptance
  7. Software Deployment, Operation, Maintenance and Disposal
  8. Supply Chain and Software Acquisition

Who Needs to Attend

  • Software developers
  • Engineers
  • Architects
  • Software QA
  • QA testers
  • Individuals pursuing CSSLP® Certification


At least four years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge® (CBK), or three years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year college degree in an information technology discipline.

Course Outline

1. Domain 1: Secure Software Concepts

  • Concepts of Secure Software
  • Principles of Security Design
  • Security Privacy
  • Governance, Risk, and Compliance
  • Methodologies for Software Development

2. Domain 2: Security Software Requirements

  • Policy Decomposition
  • Classification and Categorization
  • Functional Requirements – Use Cases and Abuse Cases
  • Secure Software Operational Requirements

3. Domain 3 – Secure Software Design

  • Importance of Secure Design
  • Design Considerations
  • The Design Process
  • Securing Commonly Used Architectures

4. Domain 4 – Secure Software Implementation/coding

  • Fundamental Programming Concepts
  • Code Access Security
  • Vulnerability Databases and Lists
  • Defensive Coding Practices and Controls
  • Secure Software Processes

5. Domain 5 – Security Software Testing

  • Artifacts of Testing
  • Testing for Secure Quality Assurance
  • Types of Testing
  • Impact Assessment and Corrective Action
  • Test Data Lifecycle Management

6. Domain 6 – Software Acceptance

  • Software Acceptance Considerations
  • Post-release

7. Domain 7 – Software Deployment, Operation, Maintenance and Disposal

  • Installation and Deployment
  • Operations and Maintenance
  • Disposal of Software

8. Domain 8 – Supply Chain and Software Acquisition

  • Supplier Risk Assessment
  • Supplier Sourcing
  • Software Development and Test
  • Software Delivery, Operations and Maintenance
  • Supplier Transitioning