CSSLP® Professional Experience Requirements
Do you have the proper experience to earn an CSSLP certification?
You must have a minimum of four years of recent work experience in one or more of these eight domains of the CSSLP CBK®:
- Secure Software Concepts
Security implications in software development
- Secure Software Requirements
Capturing security requirements in the requirements gathering phase
- Secure Software Design
Translating security requirements into application design elements
- Secure Software Implementation/Coding
Unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
- Secure Software Testing
Integrated QA testing for security functionality and resiliency to attack
- Software Acceptance
Security implication in the software acceptance phase
- Software Deployment, Operations, Maintenance and Disposal
Security issues around steady state operations and management of software
- Supply Chain and Software Acquisition
Managing risk for outsourced development, acquisition, and procurement of software and related services
Note: If certain circumstances apply, and with appropriate documentation, candidates are eligible to waive one year of professional experience.
Professional Experience Requirement Based on Education
Candidates can substitute a maximum of one year of direct full-time professional work experience described above if they have a four-year college degree, or regional equivalent in Computer Science, Information Technology (IT) or related fields.