All About the CSSLP
What Is Included in the CSSLP CBK?
The content covered by the (ISC)² CSSLP CBK is comprehensive and includes the following 8 domains:
- Secure Software Concepts - Know what constitutes secure software and what design aspects to take into consideration to architect hack-resilient software.
- Secure Software Requirements - Capturing all of the security requirements from various stakeholders and understanding the sources and processes needed to ensure a more effective design.
- Secure Software Design - Secure design elements, software architecture, secure design review, and threat modeling.
- Secure Software Implementation/Coding - Secure coding practices, vulnerabilities to look for, and how to review the code to ensure that there are no errors in the code or security controls.
- Secure Software Testing - Integrated software testing for security functionality, reliability, resiliency to attack, and recoverability.
- Software Acceptance - Security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.
- Software Deployment, Operations, Maintenance and Disposal - Security issues around steady state operations and management of software. Security measures that must be taken when a product reaches its end of life.
- Supply Chain and Software Acquisition - A holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.