The Official CSSLP Certification Boot Camp

5 Day Classroom  •  5 Day Live Online
Adjustable to meet your needs.
When training eight or more people, onsite team training offers a more affordable and convenient option.

It's widely agreed that almost 90% of security vulnerabilities are tied to the application layer and software, not to networks or hard IT assets. The CSSLP credential from (ISC)² is the definitive assurance that a security professional is trained and ready to mitigate and prevent this primary source of vulnerability. The CSSLP is the most up-to-date software security certification available, and is a critical skill set for the teams responsible for holistic organizational security. ASPE is one of the few Official Training Partners of the (ISC)² governing body, and we deliver only the most up-to-date official version of this class, conducted only by (ISC)² Authorized Instructors. With real-world application, this boot camp covers the eight domains of the CSSLP CBK (Common Body of Knowledge).

  • Learn About Security Software Concepts
  • Learn About Security Software Requirements
  • Design Phase of Secure Software Development
  • Learn About Security Software Implementation/Coding
  • Learn About Security Software Testing
  • Learn About Software Acceptance
  • Learn Software Deployment, Operations, Maintenance and Disposal
  • Learn About Supply Chain and Software Acquisition

Upcoming Dates and Locations

There aren’t any public sessions currently scheduled for this course, but if you fill out the form below, we can tell you about how we can bring this course to you!

Course Outline

This program covers 8 domains in 5 days. A modular format organizes and chunks information, which helps you retain the information as you are guided through the CSSLP course materials. Each knowledge domain of the class includes one or more of the following approaches to ensure supportive learning:

  • Presentation: The facilitator will explain content to participants using PowerPoint to guide the presentation. Multiple examples will be used to clarify points.
  • Short Lecture/Discussion: The facilitator will engage participants in conversation by asking questions and encouraging them to respond. Participants will be encouraged to provide examples from their experience.
  • Group Activity: Participants work in small teams of three or four. The facilitator will debrief with the entire class at the end of the activity.
  • Individual Activity: Individuals work on their own to complete an action plan, worksheet, or evaluation.

Part 2: Security Software Concepts provides you with concepts related to the core software security requirements and foundational design principles as they relate to issues of privacy, governance, risk, and compliance. You will understand the software development methodologies needed to develop software that is secure and resilient to attacks.

  1. Concepts of Secure Software
  2. Principles of Security Design
  3. Security Privacy
  4. Governance, Risk, and Compliance
  5. Methodologies for Software Development

Part 3: Security Software Requirements provides you with concepts related to understanding the importance of identifying and developing software with secure requirements. You incorporate security requirements in the development of software in order to produce software that is reliable, resilient, and recoverable.

  1. Policy Decomposition
  2. Classification and Categorization
  3. Functional Requirements - Use Cases and Abuse Cases
  4. Secure Software Operational Requirements

Part 4: Secure Software Design is one of the most important phases of the Software Development Life Cycle. The Security Software Design module provides you with an understanding of how to ensure that software security requirements are included in the design of the software. You will gain knowledge of secure design principles and processes, and be exposed to different architectures and technologies for securing software.

  1. Importance of Secure Design
  2. Design Considerations
  3. The Design Process
  4. Securing Commonly Used Architectures

Part 5: Secure Software Implementation/Coding provides you with an understanding of the importance of programming concepts that can effectively protect software from vulnerabilities. It covers topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into the software.

  1. Fundamental Programming Concepts
  2. Code Access Security
  3. Vulnerability Databases and Lists
  4. Defensive Coding Practices and Controls
  5. Secure Software Processes

Part 6: Security Software Testing addresses issues pertaining to proper testing of software for security, including the overall strategies and plans. You will understand the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle.

  1. Artifacts of Testing
  2. Testing for Secure Quality Assurance
  3. Types of Testing
  4. Impact Assessment and Corrective Action
  5. Test Data Lifecycle Management

Part 7: Software Acceptance covers requirements for software acceptance, paying specific attention to compliance, quality, functionality, and assurance. You will learn about pre- and post-release validation requirements as well as pre-deployment criteria.

  1. Software Acceptance Considerations
  2. Post-release

Part 8: Software Deployment, Operation, Maintenance, and Disposal provides you with knowledge pertaining to the deployment, operations, maintenance, and disposal of software from a secure perspective. You identify processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient, and recoverable in its prescribed manner.

  1. Installation and Deployment
  2. Operations and Maintenance
  3. Disposal of Software

Part 9: Supply Chain and Software Acquisition gives you the knowledge to perform effective assessments of an organization's cyber supply chain, and describes how security applies to the supply chain and software acquisition process. You will understand the importance of supplier sourcing and of being able to validate vendor integrity, from third-party vendors to complete outsourcing. Finally, you will cover how to manage risk through the adoption of standards and best practices for proper development and testing, and learn to employ the tools and resources necessary to mitigate risk across the entire lifecycle of products.

  1. Supplier Risk Assessment
  2. Supplier Sourcing
  3. Software Development and Test
  4. Software Delivery, Operations, and Maintenance
  5. Supplier Transitioning

Who should attend

  • Software developers
  • Engineers and architects
  • Product managers
  • Project managers
  • Software QA
  • QA testers
  • Business analysts
  • Anyone managing these stakeholders

This course is for students with at least 4 years of full-time secure software lifecycle work experience in one or more of the eight domains of the (ISC)² Common Body of Knowledge (CBK®) described here, or three years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the CSSLP CBK® together with a 4-year college degree in an IT discipline.