Enabling the Next Generation to Build Secure Software
Attackers and researchers continue to expose new application vulnerabilities, and it's no wonder that application vulnerabilities are ranked the #1 threat to cybersecurity professionals (according to the 2015 (ISC)² Global Information Security Workforce Study). Web application security must be a priority for organizations to protect their business and reputation. For this reason, it is crucial that anyone involved in the software development lifecycle (SDLC) be knowledgeable and experienced in understanding how to build secure software.
The CSSLP certification validates software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the SDLC, from software design and implementation to testing and deployment. CSSLPs have proven proficiency in:
- Developing an application security program in their organization
- Reducing production costs, application vulnerabilities and delivery delays
- Enhancing the credibility of their organization and its development team
- Reducing loss of revenue and reputation due to a breach resulting from insecure software
CSSLP Course Overview
Led by an (ISC)² authorized instructor, this training seminar provides a comprehensive review of application security concepts and industry best practices, covering the 8 domains of the CSSLP CBK:
- Secure Software Concepts
- Security Software Requirements
- Secure Software Design
- Secure Software Implementation/Coding
- Secure Software Testing
- Software Acceptance
- Software Deployment, Operations, Maintenance and Disposal
- Supply Chain and Software Acquisition
Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open ended questions from the instructor to the students, matching and poll questions, group activities, open/closed questions, and group discussions. This interactive learning technique is based on sound adult learning theories.
This training course will help candidates review and refresh their application security knowledge and help identify areas they need to study for the CSSLP exam and features:
- Official (ISC)² courseware
- Taught by an authorized (ISC)² instructor
- Student handbook
- Collaboration with classmates
- Real-world learning activities and scenarios
Who should attend?
This course is designed for professionals who demonstrate a globally recognized level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.
The course is intended for students who have at least four years of direct full-time secure software lifecycle professional work experience in one or more of the 8 domains of the CSSLP CBK, or three years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year college degree in an information technology discipline. The course builds on and brings together the holistic view of the topics covered in the everyday environment of an information assurance professional. Experience in the following professions will greatly enhance the learning environment.
- Software developers
- Engineers and architects
- Product managers
- Project managers
- Software QA
- QA testers
- Business analysts
- Professionals who manage these stakeholders
- The goal of the Security Software Concepts module is to provide the learner with concepts related to the core software security requirements and foundational design principles as they relate to issues of privacy, governance, risk, and compliance. Learners will understand the software methodologies needed in order to develop software that is secure and resilient to attacks.
- The goal of the Security Software Requirements module is to provide the learner with concepts related to understanding the importance of identifying and developing software with secure requirements. The learner will be able to incorporate security requirements in the development of software in order to produce software that is reliable, resilient, and recoverable.
- The design phase of secure software development is one of the most important phases in the Software Development Lifecycle. The Security Software Design module provides the learner with an understanding of how to ensure that software security requirements are included in the design of the software. Learners will gain knowledge of secure design principles and processes, and be exposed to different architectures and technologies for securing software.
- The Security Software Implementation/Coding module provides the learner with an understanding of the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.
- The Security Software Testing module addresses issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle.
- The Software Acceptance module provides an understanding of the requirements for software acceptance, paying specific attention to compliance, quality, functionality, and assurance. Participants will learn about pre- and post-release validation requirements and well as pre-deployment criteria.
- The Software Deployment, Operations, Maintenance, and Disposal module provides the learner with knowledge pertaining to the deployment, operations, maintenance, and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient, and recoverable in its prescribed manner.
- The Supply Chain and Software Acquisition module provides the learner with knowledge on how to perform effective assessments on an organization's cyber-supply chain, and describes how security applies to the supply chain and software acquisition process. Learners will understand the importance of supplier sourcing and being able to validate vendor integrity, from third-party vendors to complete outsourcing. Finally, learners will understand how to manage risk through the adoption of standards and best practices for proper development and testing across the entire lifecycle of products.