Top of Page
 

CSSLP Training Course Outline

Software Security

This course is designed for software professionals that have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC), from software design and implementation to testing and deployment. Led by an (ISC)² authorized instructor, this training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the following eight domains of the CSSLP Common Body of Knowledge (CBK®).

Who Should Attend

The training seminar is ideal for those working in positions such as but not limited to:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager
 

Course Agenda

  • Domain 1.Secure Software Concepts
  • Domain 2. Secure Software Requirements
  • Domain 3. Secure Software Architecture and Design
  • Domain 4. Secure Software Implementation
  • Domain 5. Secure Software Testing
  • Domain 6. Secure Software Lifecycle Management
  • Domain 7. Secure Software Deployment, Operations, Maintenance
  • Domain 8. Secure Software Supply Chain
 

Course Delivery Methods

 

Course Objectives

At the end of this course, learners will be able to:
  • Discuss the core concepts of software security and the foundational principles that drive construction of resilient software.
  • Discuss the security design principles as essential elements for building secure software.
  • Discuss software security standards and frameworks, roadmaps and strategies and risk management.
  • Explain security in software development methodologies, security metrics and security culture in software development.
  • Identify and analyze software requirements pertaining to data privacy, security and compliance with laws and regulations.
  • Describe requirement specification and tractability, misuse and abuse cases and flow down of security requirements to supplier.
  • Explain secure architecture and design elements and patterns, architectural risk assessment, threat modeling, threat intelligence and attack surface evaluation.
  • Explain security architecture and control identification, prioritization and positioning.
  • Apply secure coding practices, analyze code for security risks and implement security controls.
  • Discuss third-party code and libraries, software composition analysis and security of the build process.
  • Discuss security testing strategy plan and analyze security testing methods.
  • Discuss validation and verification, security test results and tracking security errors.
  • Describe secure software integration and deployment, security data and post-deployment security testing.
  • Recognize various security-relevant maintenance activities and discuss planning for the continuity of operations.
  • Discuss software supply chain risks and analyze security of third-party software.
  • Explain supplier security requirements in the acquisition process and support for contractual requirements.
Ok