Certified Secure Software Lifecycle Professional

CSSLP (Certified Secure Software Lifecycle Professional) is a cybersecurity certification from ISC2, designed to help learners master how to integrate security into the entire software development lifecycle. It focuses on addressing vulnerabilities, managing risks, and ensuring compliance with regulations. The course teaches best practices to eliminate security issues caused by development flaws, solve security challenges across the software lifecycle, and build expertise in software security. By the end of the program, learners will be able to incorporate security into every stage of software development, enhancing both their knowledge and skills.
40 hours

About Course

After completing the course, learners will be able to effectively assess risks in software development, identify potential vulnerabilities and weaknesses, and implement appropriate risk management measures to reduce risks and prevent cybersecurity incidents. From a risk management perspective, learners will gain the ability to integrate risk management into the software development lifecycle, monitor risks during development, identify possible vulnerabilities, and establish control measures to ensure the software’s security and reliability.

Dates / Price / Early Bird
  • Weekday class: 2025/4/21-25 · NT$ 50,000 · Early Bird NT$ 45,000
  • Weekend class: 2025/4/26, 5/3, 5/10, 5/17, 5/24 · NT$ 50,000 · Early Bird NT$ 45,000

Course Info

Duration: 5 days (09:00~18:00; 8 hours per day)
Fee: NT$ 50,000 (Early Bird discount price: NT$ 45,000)
Points: 12.5

Features

Software development is the backbone of all system operations. Even critical security tools like firewalls, IDS/IPS, and more are powered by software. Yet, courses specifically focusing on software security are rare compared to other cybersecurity topics. The importance of developing secure software is only increasing, especially since most security breaches stem from vulnerabilities in information systems. Frequent patch updates (like various update notifications) further highlight the need for secure software development. This course is unique because it offers a cybersecurity certification tailored to everyone involved in the Software Development Life Cycle (SDLC).

The CSSLP covers eight key areas, including software security fundamentals, software lifecycle security management, secure software design, supply chain and software procurement, among others. The goal is to help those involved in software development understand and master the processes and methods of secure software development. It spans the entire software lifecycle and risk management, guiding professionals on the standards and tools to use at each development stage to assess overall security.

The CSSLP is an officially recognized cybersecurity certification by ISC2, with the certificate issued by ISC2. This certification helps businesses prevent the loss caused by security incidents and ensures the security and reliability of software development.

AIN Network Training Center is an ISC2 authorized training provider, and the instructors are certified and qualified by ISC2.

Course Outline

The CSSLP (Certified Secure Software Lifecycle Professional) course outline covers eight key domains. The following description is derived from the ISC2 official electronic textbook, 6th edition (latest version):

  • Domain 1: Secure Software Concepts
    • Define core security goals for software development.
    • Describe the three elements of information security and explain the main mechanisms of information confidentiality, integrity and availability.
    • Describe the relationship between information security and data privacy.
    • Identify regulatory considerations that impact software security.
    • Explain how security methods mitigate vulnerabilities through access control.
    • Describe the purpose and function of multiple layers of protection in software security.
    • Describe how security culture and practices impact data privacy and security.
  • Domain 2: Secure Software Life Cycle Management
    • Explore security in predictive and adaptive approaches to software development.
    • Describe integrating software security practices into the SDLC process.
    • Define DevOps and DevSecOps.
    • Understand security configuration standards and benchmarks.
    • Describe the security-centered configuration management process.
    • Describe security standards for identifying software weaknesses and vulnerabilities.
    • Explain OWASP's Software Assurance Maturity Model (OpenSAMM) and the Building Security In Maturity Model (BSIMM).
    • Define software security milestones and checkpoints in DevSecOps.
    • Explain the system security plan.
    • Identify security-related documents.
    • Define metrics in software development.
    • Develop software decommissioning policies and procedures.
    • Explain security reporting mechanisms in DevSecOps.
    • Describe risk assessment and risk management.
    • Review the implementation of secure operating procedures.
    • Determine security considerations during the container lifecycle.
  • Domain 3: Secure Software Requirements
    • Describe requirements management.
    • Identify functional and non-functional requirements.
    • Explain the impact of security-focused stories in Scrum and Scrum-like approaches.
    • Describe the sources of software security requirements.
    • Analyze security policies and their supporting elements as internal sources of security requirements.
    • Interpret compliance requirements and consider laws, regulations, and industry standards as external sources of security requirements.
    • Discuss security standards and frameworks.
    • Describe data governance and ownership.
    • Describe data classification and security labels and markings.
    • Identify structured and unstructured data types.
    • Describe the data life cycle.
    • Identify privacy laws and regulations that reduce privacy risks.
    • Discuss data anonymization and list various anonymization methods.
    • Explain user consent, data retention and data processing in a privacy context.
    • Understand the impact of cross-border data transfers and limitations on the transfer of personal data.
    • Describe user and software data access requirements.
    • Describe misuse and abuse cases and their correlation to known attack patterns.
    • Describe the Security Requirements Traceability Matrix (SRTM).
    • Determine security requirements for third-party vendors.
  • Domain 4: Secure Software Architecture and Design
    • Describe architectural and security-related design patterns.
    • Understand security standards for interface design.
    • Compare and differentiate between various authentication and authorization mechanisms.
    • Describe credential management.
    • Identify the principles and tools used in cybersecurity.
    • Describe the methods used to maintain database security.
    • Identify threat modeling processes, tools, and methods.
    • Outline the process for attack surface assessment and management.
    • Discuss threat intelligence and sources of cyber threat information.
    • Describe the architectural risk assessment process.
    • Recognize non-functional security attributes and constraints.
    • Determine considerations for security maintenance architecture.
  • Domain 5: Secure Software Implementation
    • Describe the characteristics that define secure coding standards.
    • Describe different ways to build security into outsourced applications.
    • Identify common defects in software and corresponding mitigation strategies.
    • Explain common secure coding practices.
    • Define protection methods for data in transit and at rest.
    • Identify software weaknesses listed in the most common vulnerability lists and databases.
    • Describe the functionality and methods of software assurance tools.
    • Describe the classification of controls by type and function.
    • Define controls to prevent common web application vulnerabilities.
    • Describe the process for defining security policies, including software risk considerations.
    • Identify the risks associated with using third-party and open source components and libraries.
    • Describe various integration categories and their relevance to software security.
    • Describe the build automation process.
    • Explain the techniques used in software assurance.
  • Domain 6: Secure Software Testing
    • Identify common security testing techniques.
    • Describe the test environment.
    • Define the organization's software security standards and guidelines.
    • Explain the security of crowdsourcing and the benefits of bug bounty programs.
    • Define guidelines for security testing.
    • Identify various security testing cases.
    • Recognize the importance of designing misuse and abuse cases.
    • Outline verification and validation.
    • Explain the structure and goals of the OWASP Application Security Verification Standard (ASVS).
    • Describe undocumented functionality and source code.
    • Interpret the security implications of test results.
    • Distinguish the type of test result.
    • Describe the process for tracking security flaws.
    • Explain risk scoring systems and the Common Vulnerability Scoring System (CVSS).
    • Explain the generation of test data and the consequences of using production environment data.
    • Describe the process for verification and validation testing.
  • Domain 7: Secure Software Deployment, Operations, and Maintenance
    • Describe operational risk analysis in the context of the ISO 31000 series.
    • Describe Security-focused Configuration Management (SecCM).
    • Identify elements of a secure continuous integration and continuous delivery (CI/CD) process.
    • Explain the application security toolchain.
    • Identify steps to identify application vulnerabilities.
    • Compare and differentiate common methods of storing and managing security information.
    • Describe secure installation procedures and methods.
    • Explain secure software startup mechanisms.
    • Determine the steps and methods in the Authorization to Operate (ATO) process.
    • Explain how to perform continuous monitoring of information security.
    • Describe the incident contingency planning phases.
    • Link patch management processes to overall software security practices.
    • Describe methods and tools used for vulnerability management.
    • Describe how controls help protect the application during execution.
    • Compare and differentiate how business continuity and disaster recovery plans each support operational continuity.
    • Interpret and differentiate between Service Level Agreements (SLAs), Service Level Objectives (SLOs), and Service Level Indicators (SLIs) to enable continued supplier operations.
  • Domain 8: Secure Software Supply Chain
    • Describe the software supply chain.
    • Review the software supply chain risk management process.
    • Explain the security risks associated with third-party software.
    • Identify the risks associated with peer-to-peer applications and file sharing.
    • Explain code repository and environment security.
    • Describe the use of cryptographic hashes and digital signatures for software components.
    • Determine security requirements and principles in software procurement.
    • Elaborate on key software purchasing considerations.
    • Explain the contractual requirements for software procurement.

Exam Information

The exam locations and seats are limited, so please make sure to book your exam center in advance. The exam center information for Taiwan is as follows:

  1. Pearson Professional Test Center Taipei, Taiwan: 12F-3, No. 163, Sec. 1, Keelung Rd., Xinyi District, Taipei City (聯合世紀大樓) · Phone: 02-2756-7808
  2. 4F-1, 38 Xinguang Rd., Lingya District, Kaohsiung City (Asia Pacific Financial Plaza) · Phone: 07-536-1199
  • Exam content: 8 major domains: Introduction to Software Security, Software Lifecycle Security Management, Software Security Requirements, Software Security Design, Supply Chain and Software Procurement, Software Security Development, Software Security Development Testing, Software Deployment, Operations and Maintenance.
  • Exam time: 3 hours
  • Number of exam questions: 125 multiple choice questions (English)
  • Exam fee: $599

Material Includes

  • Official Guide

Requirements

  • Software development
  • IT
  • Information security
  • Basic understanding of the software life cycle
  • Risk management, the CIA triad and related concepts

Audience

  • Software development field: software architects, software analysts and designers, software developers, software security experts, software quality assurance and testers, etc.
  • Information security field: information security consultants, information security-related practitioners, computer auditors, etc.
  • Management areas: Software development department director, information security department director, information department director, project manager, etc.
  • Education field: software development teaching, software security teaching staff, etc.
  • Research fields: software development research, information security researchers, etc.

Course Content

Domain 1: Secure Software Concepts

Domain 2: Secure Software Life Cycle Management

Domain 3: Secure Software Requirements

Domain 4: Secure Software Architecture and Design

Domain 5: Secure Software Implementation

Domain 6: Secure Software Testing

Domain 7: Secure Software Deployment, Operations, and Maintenance

Domain 8: Secure Software Supply Chain

Instructors

AIN 全智網

AIN Lecturer

Cybersecurity and Network Course Expert

Cybersecurity and Network Course Expert, an international training consultancy specializing in networking, cybersecurity, and artificial intelligence.

Shirley
Expert

With 30 years of experience across industries like manufacturing and finance, I've led major projects in software development, information security, and IT management, including data center builds, relocations, disaster recovery setups, and international payment collaborations. But my real passion is training. I love seeing learners light up when they grasp new concepts, and I thrive on guiding them through complex topics in an easy-to-understand way. I believe true information security can only be achieved when employees truly understand and align with its purpose.
