CSSLP® Professional Experience Requirements

Do you have the proper experience to earn a CSSLP certification?

You must have a minimum of four years of recent work experience in one or more of these eight domains of the CSSLP CBK®:  

  • Secure Software Concepts
    Security implications in software development  
  • Secure Software Requirements
    Capturing security requirements in the requirements gathering phase  
  • Secure Software Design
    Translating security requirements into application design elements  
  • Secure Software Implementation/Coding
    Unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation  
  • Secure Software Testing
    Integrated QA testing for security functionality and resiliency to attack  
  • Software Acceptance
    Security implications in the software acceptance phase  
  • Software Deployment, Operations, Maintenance and Disposal
    Security issues around steady state operations and management of software
  • Supply Chain and Software Acquisition
    Managing risk for outsourced development, acquisition, and procurement of software and related services   

Note: If certain circumstances apply, and with appropriate documentation, candidates are eligible to waive one year of professional experience.

Professional Experience Requirement Based on Education 

Candidates can substitute a maximum of one year of the direct full-time professional work experience described above if they have a four-year college degree, or regional equivalent, in Computer Science, Information Technology (IT) or related fields.