The Certified Secure Software Lifecycle Professional (CSSLP) certification is a vendor-neutral credential launched in 2008 by the International Information System Security Certification Consortium, or (ISC)².
This exam is very challenging, even for experienced software developers, because of the depth of knowledge required to pass. This course has been developed by an industry professional with over twenty years of IT experience. The course contains numerous aids to help the learning process, such as demos, discussions, whiteboard designs, test tips, practice reviews and practice questions.
The CSSLP certification validates that the certified professional has the expertise to incorporate the best security practices, auditing, and authorization into each phase of the Software Development Lifecycle (SDLC). SDLC phases include software design, implementation, testing, and deployment. After earning their CSSLP certification, a software professional will be able to develop a software security program in their organization, reduce production costs, mitigate source code vulnerabilities, and reduce losses from software breaches.
The CSSLP meets the Level I and II IA System Architecture and Engineering requirements of the DoD mandate 8570.01M. Additionally, the CSSLP certification is accredited for the requirements of ANSI/IEC/ISO Standard-17024.
The CSSLP certification exam is a well-written exam that evaluates potential candidates across eight different domains.
The exam contains 175 multiple-choice questions and is administered over a 4-hour period at a Pearson Professional Center.
The CSSLP exam questions are developed from the skills and information contained within the CSSLP CBK, with the following tested percentages:
Secure Software Concepts – 13%
Secure Software Requirements – 14%
Secure Software Design – 16%
Secure Software Implementation/Programming – 16%
Secure Software Testing – 14%
Secure Lifecycle Management – 10%
Software Development, Operations, and Maintenance – 9%
Supply Chain and Software Acquisition – 8%
Who would be the target audience?
The audience should be willing to study and review materials to pass the CSSLP Plus and meet the requirements set by (ISC)². In order to become a fully certified CSSLP, (ISC)² requires the candidate to have a minimum of four years of cumulative paid full-time SDLC experience in one or more of the eight domains of the CSSLP credential.
A candidate can substitute a four-year college degree for one year of experience. If a candidate passes the certification exam but does not possess the required years of experience, they will become an associate of (ISC)² and have five years to earn the experience, at which time they will become a fully certified CSSLP.
Roles which would benefit from taking the exam.
What you will learn
Protecting data and business assets and complying with applicable laws and regulations
Following secure coding standards and how documentation can help in the maintenance and operations of software
Identifying software vulnerabilities and how to perform testing of units of code
Managing each phase of the software development lifecycle (SDLC)
Developing security to meet environmental risk and operational challenges
Supporting incident response, patch and vulnerability management, and continuity of operations
Supporting the software acquisitions process
Understanding security-related frameworks and best practices