CSSLP Exam Information and Guideline
Certified Secure Software Lifecycle Professional
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
Exam Title :
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Exam ID :
CSSLP
Exam Duration :
240 mins
Questions in Exam :
175
Passing Score :
700/1000
Exam Center :
Pearson VUE
Real Questions :
ISC2 CSSLP Real Questions
VCE Practice Test :
ISC2 CSSLP Certification VCE Practice Test
The Official (ISC)² CSSLP training provides a comprehensive review of the knowledge required to incorporate security practices – authentication, authorization and auditing – into each phase of the Software Development Lifecycle (SDLC), from software design and implementation to testing and deployment. This training course will help students review and refresh their knowledge and identify areas they need to study for the CSSLP exam.
Domain 1: Secure Software Concepts
Domain 2: Secure Software Requirements
Domain 3: Secure Software Design
Domain 4: Secure Software Implementation/Programming
Domain 5: Secure Software Testing
Domain 6: Secure Lifecycle Management
Domain 7: Software Deployment, Operations and Maintenance
Domain 8: Supply Chain and Software Acquisition
Identify the software methodologies needed to develop software that is secure and resilient to attacks.
Incorporate security requirements in the development of software to produce software that is reliable, resilient and recoverable.
Understand how to ensure that software security requirements are included in the design of the software, gain knowledge of secure design principles and processes, and gain exposure to different architectures and technologies for securing software.
Understand the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.
Address issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle.
Understand the requirements for software acceptance, paying specific attention to compliance, quality, functionality and assurance. Participants will learn about pre- and post-release validation requirements as well as pre-deployment criteria.
Understand the deployment, operations, maintenance and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient and recoverable in its prescribed manner.
Understand how to perform effective assessments on an organizations cyber-supply chain, and describe how security applies to the supply chain and software acquisition process. Learners will understand the importance of supplier sourcing and being able to validate vendor integrity, from third-party vendors to complete outsourcing. Finally, learners will understand how to manage risk through the adoption of standards and best practices for proper development and testing across the entire lifecycle of products.