Certified Secure Software Lifecycle Professional (CSSLP) 2024 E-Learning Training

Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).

CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at ISC2.

Prepare for the CSSLP certification by acquiring the knowledge to create and maintain secure software throughout its life cycle.

Courses in this collection (23 hours +):

Course content

CSSLP 2024: Secure Software Concepts

Course: 1 Hour, 19 Minutes

• Course Overview
• Confidentiality, Integrity, and Availability
• Authentication, Authorization, and Accountability
• Threats to Confidentiality
• Misconfigurations and Software Vulnerabilities
• Encryption and Access Controls for Confidentiality
• Using MFA, CBA, and SSO for Authentication
• Federated Identity Protocols
• Course Summary

CSSLP 2024: Security Design Principles

Course: 1 Hour, 16 Minutes

• Course Overview
• Security Controls for Integrity
• Digital Signatures
• Security Controls for Availability
• Privacy and Nonrepudiation
• Laws, Regulations, and Standards Related to Security Practices
• Security Design Principles
• Economy of Mechanism and Complete Mediation
• Open Design and Least Common Mechanism
• Course Summary

CSSLP 2024: Secure Software Lifecycle Management

Course: 1 Hour, 32 Minutes

• Course Overview
• Predictive vs. Adaptive SDLC
• Secure Lifecycle Management in the Waterfall Model
• The Agile Methodology
• Secure Scrum and MSDL/Agile
• DevOps as an Extension of Agile
• DevSecOps for Secure Lifecycle Management
• Inventory Management and Secure Configuration Management
• CIS Benchmarks, STIGs, and SCAP
• The Common Criteria, FIPS and CVSS
• Course Summary

CSSLP 2024: Processes & Benchmarks for Secure Lifecycle Management

Course: 2 Hours, 5 Minutes

• Course Overview
• The Secure Software Strategy and Roadmap
• Contrasting OpenSAMM, BSIMM, DSOMM and CMMC
• The System Security Plan (SSP)
• Attributes of Good Metrics for Secure Software
• Average Remediation Time (ART) and Criticality Levels
• Cyclomatic Complexity
• End of Life (EOL) Policies
• Archiving Data While Decommissioning Applications
• Data Disposition and SLA Management
• Security Reporting Mechanisms
• Risk Avoidance, Mitigation, Transfer, and Acceptance
• Continuous Monitoring and Breach Notifications
• Change Management and Incident Response Plans
• Course Summary

CSSLP 2024: Secure Software Requirements

Course: 1 Hour, 33 Minutes

• Course Overview
• Secure Software Requirements
• Gathering Security Requirements and OWASP ASVS
• The Perspective of a User
• Compliance Requirements and Relevant Regulations
• Security Requirements from NIST and ISO/IEC Publications
• Data Governance and Data Classification
• Roles in Data Governance
• Structured, Unstructured, and Semi-structured Data
• The Data Lifecycle
• Confidentiality and Integrity Models
• Course Summary

CSSLP 2024: Privacy, PII, & Cross-border Data Transfers Security Requirements

Course: 1 Hour, 23 Minutes

• Course Overview
• Security Requirements in CCPA, GDPR, and PIPEDA
• Additional Security Requirements Around Privacy
• Working with Personally Identifiable Information (PII)
• Cross-border Data Transfers
• Data Access Provisioning and Objects
• Granting Data Access for Users and Service Accounts
• Misuse vs. Abuse Scenarios
• The CAPEC Dictionary and the MITRE ATT&CK Frameworks
• The Security Requirements Traceability Matrix (SRTM)
• Course Summary

CSSLP 2024: Secure Software Architectures & Frameworks

Course: 2 Hours, 5 Minutes

• Course Overview
• The Zachman Framework for Security Architectures
• The SABSA Framework for Security Architectures
• Distributed Computing Architectures
• Peer-to-peer Networks and Message Queues
• N-tier Architectures and Three-tier Architectures
• Service-oriented Architectures
• SOAP, REST, and XML for Secure Data Exchange
• Microservices and Containers
• Rich Internet Applications (RIAs)
• Remote Code Execution (RCE)
• Constant Connectivity, Pervasive/Ubiquitous Computing, & Wireless
• Location-based Services, RFID, NFC, & Mesh Networks
• Embedded Systems, Secure Boot, and Secure Memory
• Secure Update Mechanisms and FPGAs
• Course Summary

CSSLP 2024: Security in Cloud Computing Architectures

Course: 2 Hours

• Course Overview
• Cloud Computing vs. On-premises Computing
• Deployment Models in Cloud Computing
• Using Cloud Storage
• Understanding Cloud Service Models
• PaaS and SaaS
• The Shared Responsibility Model
• Shared Responsibilities in IaaS and PaaS
• Security in Mobile Applications
• Implicit Data Collection
• Considerations in Hardware Platform Security
• Side-channel Attacks
• Speculative Execution Vulnerabilities
• Secure Elements
• Course Summary

CSSLP 2024: Security in Firmware & Industrial IoT

Course: 1 Hour, 45 Minutes

• Course Overview
• Security of Firmware and Hardware Device Drivers
• Cognitive Computing, AR/VR, and Industrial IoT
• Attacks on IIoT Systems
• Facilities IIoT and Automotive IIoT
• Robotics and Medical Devices IIoT
• Security in Software-defined Production
• Security Management Interfaces (SMIs)
• Out-of-Band (OOB) Management and Log Interfaces
• Application Dependencies
• Protocol Design
• API Protocol Design and State
• Course Summary

CSSLP 2024: Digital Certificates, Firewalls, Hypervisors, & Containers

Course: 1 Hour, 47 Minutes

• Course Overview
• The X.509 Standard for Digital Certificates
• Proxy Servers for Flow Control and Load Balancing
• Firewalls and Flow Control Protocols
• Data Loss Prevention (DLP)
• Infrastructure as Code (IaC)
• The Benefits of Virtualization
• Virtual Machines vs. Bare Metal
• Hypervisors in VM Instances
• Containers
• Container Security Considerations and Standards
• Trusted Computing
• Trusted Platform Modules and Trusted Compute Base
• Course Summary

CSSLP 2024: Databases & Programming Language Environments

Course: 2 Hours, 9 Minutes

• Course Overview
• Database Security with Triggers
• Views and Secure Connections
• Secure Programming Language Environments
• Security in the .NET Common Language Runtime and Java Runtime Environment
• Security in Python and PowerShell
• Security Controls in Operating Systems
• Threat Modeling with STRIDE
• Threat Modeling with PASTA
• Attack Trees and Advanced Persistent Threats
• Secure Architectural Design Patterns
• Security Design Verification
• Non-functional Security Requirements
• CI/CD Pipelines in Secure Deployment
• Course Summary

CSSLP 2024: Secure Software Implementation

Course: 1 Hour, 25 Minutes

• Course Overview
• Secure Software Programming
• Input Validation and Output Sanitization
• SEI CERT Secure Practices
• SEI CERT for C, C++, and Android
• Secure Session Management in PHP, Python, and Java
• Concurrency and Threading Exploits
• Concurrency Best Practices in Python
• Concurrency Best Practices in Java, C#, and C++
• Database Concurrency Exploits and Best Practices
• Course Summary

CSSLP 2024: Security in Memory Management, the Build Process, and APIs

Course: 1 Hour, 11 Minutes

• Course Overview
• Secure Practices in Memory Management in Python
• Memory Management in Java, C# and C++
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Understanding API Security
• OWASP API Security Top
• Build Process Security Techniques
• Compiler and Interpreter Switches in Python, Java, C# and C++
• Course Summary

CSSLP 2024: Secure Software Testing

Course: 1 Hour, 48 Minutes

• Course Overview
• Defining Secure Software Testing
• Known and Unknown Testing Environments
• Standards and Guidelines for Security Testing
• Vulnerability Scanning and Penetration Testing
• Fuzzing (Fuzz Testing) and Simulation Testing
• Types of Failure Testing
• Entropy and Cryptographic Validation
• Documentation and Undocumented Functionality
• Build and Break Criteria
• Defects, Errors, Vulnerabilities, and CVSS Scores
• Considerations in Test Data
• Verification, Validation, and Acceptance Testing
• Course Summary

CSSLP 2024: Secure Software Supply Chain

Course: 44 Minutes

• Course Overview
• Secure Software Supply Chain Assessment
• Pedigree and Provenance in the Software Supply Chain
• Security During Software Acquisition
• Contractual Considerations and Types of Licenses
• Liability Clauses, Master Agreements and EULAs
• Course Summary