All About the CSSLP
What Is Included in the CSSLP CBK?
The content covered by the (ISC)² CSSLP CBK is comprehensive and includes the following eight domains:
- Secure Software Concepts - know what constitutes secure software and what design aspects to take into consideration to architect hack-resilient software.
- Secure Software Requirements - capturing all of the security requirements from various stakeholders and understanding the sources and processes needed to ensure a more effective design.
- Secure Software Design - secure design elements, software architecture, secure design review, and threat modeling.
- Secure Software Implementation/Coding - secure coding practices, vulnerabilities to look for, and how to review the code to ensure that there are no errors in the code or security controls.
- Secure Software Testing - integrated software testing for security functionality, reliability, resiliency to attack, and recoverability.
- Software Acceptance - security implications in the software acceptance phase, including completion criteria, risk acceptance and documentation, Common Criteria, and methods of independent testing.
- Software Deployment, Operations, Maintenance and Disposal - security issues around steady-state operations and management of software, and the security measures that must be taken when a product reaches its end of life.
- Supply Chain and Software Acquisition - a holistic outline of the knowledge and tasks required to manage risk for outsourced development, acquisition, and procurement of software and related services.