CSSLP - Certified Secure Software Lifecycle Professional

Enabling the Next Generation to Build Secure Software

Attackers and researchers continue to expose new application vulnerabilities, and it's no wonder that application vulnerabilities are ranked the #1 threat to cybersecurity professionals (according to the 2015 (ISC)² Global Information Security Workforce Study). Web application security must be a priority for organizations to protect their business and reputation. For this reason, it is crucial that anyone involved in the software development lifecycle (SDLC) be knowledgeable and experienced in understanding how to build secure software.

The CSSLP certification validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the SDLC, from software design and implementation to testing and deployment. CSSLPs have proven proficiency in:

  • Developing an application security program in their organization
  • Reducing production costs, application vulnerabilities and delivery delays
  • Enhancing the credibility of their organization and its development team
  • Reducing loss of revenue and reputation due to a breach resulting from insecure software

Who should obtain the CSSLP certification?

The Certified Secure Software Lifecycle Professional (CSSLP) is for everyone involved in the SDLC with at least 4 years of cumulative paid full-time work experience in 1 or more of the 8 domains of the CSSLP CBK. CSSLPs often hold positions such as the following: 

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager 

Don't have the application security experience to earn your certification? Earn your experience to become a CSSLP as an Associate of (ISC)² by successfully passing the CSSLP exam. You'll have up to 5 years to earn your experience. Find out more about becoming an associate.

Globally Recognized Proficiency in Application Security

The CSSLP draws from a comprehensive, up-to-date, global common body of knowledge that ensures software professionals have deep knowledge and understanding of how to build secure software. The CSSLP tests one's competence in the following 8 domains:

  • Secure Software Concepts
  • Secure Software Requirements
  • Secure Software Design
  • Secure Software Implementation/Coding
  • Secure Software Testing
  • Software Acceptance
  • Software Deployment, Operations, Maintenance and Disposal
  • Supply Chain and Software Acquisition 

CSSLP Exam Information

  • Length of exam: 4 hours
  • Number of questions: 175
  • Question format: Multiple choice questions
  • Passing grade: 700 out of 1000 points
  • Exam language: English
  • Testing center: Pearson Vue Testing Center
  • Exam pricing: Exam pricing (PDF)

Study tools

  • Official (ISC)² Guide to the CSSLP CBK
  • Official (ISC)² training seminar
  • CSSLP eLearning
  • Interactive Flashcards
  • Practice test app
  • Exam outline

Download the CSSLP brochure.

 All (ISC)² certifications, except CCSP, CCFP and HCISPP, are accredited by the American National Standards Institute (ANSI) to be in compliance with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards.  

White Paper: The Need for Improved Software Quality

CSSLP Named #1 Tech Cert that is Paying Off by Foote Partners

Foote Partners found that IT professionals with certs continue to see a competitive edge in compensation. Out of the top 20 certs that Foote predicts will increase in value in the first half of 2014, CSSLP is #1.

Read the article