Top of Page

CSSLP – The Industry’s Premier Secure Software Development Certification

Become a CSSLP – Certified Secure Software Lifecycle Professional

Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).

CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey.


Interested in CSSLP certification for your team? Learn more about (ISC)² Enterprise Solutions.

Please Note: Effective September 15, 2020, the CSSLP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the CSSLP Exam Outline and our FAQs for details.

CSSLP logo

Free CSSLP Ultimate Guide

Learn everything you need to know about preparing for the CSSLP exam, including:

  • Why you should get certified
  • CSSLP Fast Facts
  • What to expect on the exam
  • How to prepare for the exam
  • Value of (ISC)² certification

Your Pathway to Certification

Who Earns the CSSLP?

The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in the following positions:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager

Is the CSSLP Right for You?

The CSSLP isn’t the best cybersecurity certification option for everyone. Before you start down your certification path, make sure you aren’t missing an opportunity to pursue a credential more aligned with your immediate career goals.

Our broad portfolio of accredited security certifications, include:


What will You Need to Know to Pass the CSSLP Exam?

The CSSLP exam evaluates your expertise across eight security domains. Think of the domains as topics you need to master based on your professional experience and education.

CSSLP Domains

  • Domain 1. Secure Software Concepts
  • Domain 2. Secure Software Requirements
  • Domain 3. Secure Software Design
  • Domain 4. Secure Software Implementation/Programming
  • Domain 5. Secure Software Testing
  • Domain 6. Secure Lifecycle Management
  • Domain 7. Software Deployment, Operations, and Maintenance
  • Domain 8. Supply Chain and Software Acquisition

Please note: Effective September 15, 2020, the CSSLP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the CSSLP Exam Outline and our CSSLP FAQs for details.

If your exam is prior to September 15, 2020, download: 
CSSLP Exam Outline

If your exam is on or after September 15, 2020, download:
CSSLP Exam Outline 

For a complete list of acronyms you may encounter during your (ISC)² exam, reference the translated (ISC)² Certification Terms glossary.

Register for Your CSSLP Exam

Don’t wait. If you’re ready to pursue the CSSLP secure software development certification, commit yourself now by registering for the exam.

Schedule your exam by creating an account with Pearson VUE, the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Register Now

Get CSSLP Training that's Right for You

With instructor-led online and classroom courses, (ISC)² has a training option to fit your schedule and learning style. Trainings, seminars, courseware and self-study aids directly from (ISC)² or one of our many Official Training Providers help you get ready for the rigorous CSSLP exam by reviewing relevant domains and topics. Visit the (ISC)² Training Finder to register for the course that best meets your needs, including:



(ISC)² Self-Study Tools Keep Your Skills Sharp

Studying on your own or looking for a supplement to your seminar courseware? Check out our official self-study tools:

  • Official textbooks: What you need to know to be successful and review relevant domains.
  • Official study guides: Strengthen your knowledge in a specific domain and get in more exam practice time.
  • Official study flash cards: Prepare for the CSSLP exam anytime, anywhere.
Learn More

Gain the Necessary Work Experience

To qualify for this certification, you must pass the exam and have at least four years of cumulative, paid work experience as a software development lifecycle professional in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge (CBK).

Learn more about CSSLP Experience Requirements and how a relevant four-year degree can satisfy one year of required experience.

Don’t have enough experience yet? You can still pass the CSSLP exam and become an Associate of (ISC)² while you earn the required work experience.

Complete the Endorsement Process

Once you receive notification that you have successfully passed the exam, you can start the online endorsement process. This process attests that your assertions regarding professional experience are true and that you are in good standing within the cybersecurity industry.

Agree to the (ISC)² Code of Ethics

All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. All (ISC)² members are required to commit to fully support (ISC)² Code of Ethics Canons:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principles.
  • Advance and protect the profession.

Pay Your First Annual Maintenance Fee

Annual Maintenance Fees (AMFs) are used by (ISC)² to support the costs of maintaining the (ISC)² certifications and related support systems.

Certified Members AMFs

(ISC)² certified members pay a single AMF of U.S. $125 which is due each year upon the anniversary of their certification date. Members only pay a single AMF of U.S. $125 regardless of how many certifications they earn. AMFs for members with multiple certifications are due on their earliest certification anniversary.

Associates of (ISC)² AMFs

Associates of (ISC)² pay an AMF of U.S. $50 which is due each year upon the anniversary of achieving their associate status.

Learn more about AMFs here.

Join A Global Community Of Cybersecurity Leaders

Once you are certified and become an (ISC)² member, you’re a part of a global community of more than 140,000 certified cybersecurity professionals focused on inspiring a safe and secure cyber world. In addition to that extensive network, a wealth of continuing education opportunities help you keep your skills sharp, informed of the latest trends and best practices, and ensures your expertise remains relevant throughout your career. Learn more about (ISC)² member benefits.

Free CSSLP Ultimate Guide

Lead the Way in Developing Secure Software

Get Your Free CSSLP Ultimate Guide