
CSSLP Course


Overview

This course follows specifically the ISC2 objectives for this certification test.

Audience

Software Developers, Team Leads, Enterprise Architects, Solution Architects, and Information Technology Architects

Skills Gained

In this training, attendees will learn:

  • Secure programming principles
  • Specific standards to apply
  • How to write code in a secure manner
  • How to design code in a secure manner

Prerequisites

Some knowledge of programming is useful

Duration: five days

Outline

Outline of CSSLP Prep Training

  • The course exactly follows the CSSLP outline. There are additional topics added where/when appropriate, but the course primarily follows the ISC2 CSSLP outline.

Domain 1: Secure Software Concepts

  • Security concepts
  • Threats
  • OWASP top 10

Domain 2: Secure Software Requirements

  • Identify security requirements
  • Interpret data classification requirements
  • Identify privacy requirements
  • Requirements analysis
  • Requirements traceability

Domain 3: Secure Software Design

  • Threat modeling
  • Vulnerability analysis
  • Define the security architecture
  • Model (non-functional) security properties and constraints
  • Evaluate and select reusable secure design
  • Use secure design principles and patterns
  • Secure software standards

Domain 4: Secure Software Implementation/Programming

  • Follow secure coding practices
  • Analyze code for security vulnerabilities
  • Implement security controls
  • Fix security vulnerabilities
  • Look for malicious code
  • Securely reuse third party code or libraries
  • Securely integrate components
  • Apply security during the build process
  • Debug security errors
  • Error handling and data validation
  • Constraining and filtering user input

Domain 5: Secure Software Testing

  • Develop security test cases
  • Testing standards
  • Develop security testing strategy and plan
  • Identify undocumented functionality
  • Interpret security implications of test results
  • Classify and track security errors
  • Secure test data
  • Develop or obtain security test data
  • Perform verification and validation testing (e.g., IV&V)

Domain 6: Secure Lifecycle Management

  • Secure configuration and version control
  • Establish security milestones
  • Choose a secure software methodology
  • Identify security standards and frameworks
  • Create security documentation
  • Develop security metrics
  • Support governance, risk and compliance

Domain 7: Software Deployment, Operations and Maintenance

  • Perform implementation risk analysis
  • Release software securely
  • Securely store and manage security data
  • Ensure secure installation
  • Perform post-deployment security testing
  • Obtain security approval to operate
  • Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
  • Support incident response
  • Support patch and vulnerability management
  • Support continuity of operations

Domain 8: Supply Chain and Software Acquisition

  • Analyze security of third party software
  • Verify pedigree and provenance
  • Provide security support to the acquisition process


Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are available as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.