eLearning

CSSLP eLearning - Online Courses at Your Convenience

Our CSSLP eLearning is designed for the busy professional. This new online platform puts the entire CSSLP curriculum at your fingertips in a format that was designed for eLearning. It is not simply a video recording. It has been built from the ground up as a tailored solution that captures the CSSLP CBK in a training format where you can learn at your own pace, at home, on mobile, or anywhere you have access to the internet and a web browser.

Course Details

This course prepares candidates to write the CSSLP exam and to promote industry leaders in application security. Highlights include:

  • 8+ total hours of modern, accessible course content developed from the CSSLP course curriculum, including the new domain on Supply Chain Risk.
  • Education that teaches the CSSLP at a more convenient and cost-efficient price point for one, or many, in an organization.
  • Practice quizzes and custom content that speaks to the business risks of building modern-day applications, with voice-overs done as if an instructor were right in the room.
  • eLearning methodology built upon Security Compass's proven customer success stories in training IT professionals using eLearning.
  • Eligible for CPE credits.

Course Options 

Option 1: Entire eLearning Course

With this option you will receive all 8 domains of the CSSLP at a discounted price of $599 - a 25% savings over purchasing individual modules. Students will gain access to important practice questions for each domain and the ability to access the training on the go, so long as you have an internet connection. 

Option 2: Key Modules

This option is for students who wish to target specific domains of the CSSLP CBK or review certain sections for CPE or certification purposes. Each domain is priced at $99 and is available by clicking the Purchase button alongside the domain outlines below.

Course Outlines 

Domain 1 - Secure Software Concepts 

The goal of the Security Software Concepts module is to provide the learner with concepts related to the core software security requirements and foundational design principles as they relate to issues of privacy, governance, risk and compliance. Learners will understand the software methodologies needed in order to develop software that is secure and resilient to attacks. 

After completing this domain, participants will be able to:

  1. Define the concepts of secure software and how it applies to the design.
  2. Identify and apply information system security concepts to the development of software.
  3. Identify design aspects needed in order to develop hack-resilient software.
  4. Describe the regulatory, privacy, compliance, risk, and governance requirements for software development, and the effects of noncompliance.
  5. Describe development methodologies for the development of software. 

eLearning Outline:

  • Module 1: Concepts of secure software
  • Module 2: Principles of secure design
  • Module 3: Security and Privacy
  • Module 4: Governance, Risk, and Compliance 

Domain 2 - Security Software Requirements 

The goal of the Security Software Requirements domain is to provide the learner with concepts related to understanding the importance of identifying and developing software with secure requirements. The learner will be able to incorporate security requirements in the development of software in order to produce software that is reliable, resilient, and recoverable.

After completing this domain, participants will be able to:

  1. Identify the process for breaking down internal and external policies in order to develop software that meets stakeholder requirements.
  2. Describe data classification as a mechanism to produce software security requirements from functional business requirements.
  3. Identify the different types of security requirements for software.
  4. Develop misuse and abuse cases in order to define functional security requirements.
  5. Describe the operational level secure software requirements.  

eLearning outline:

  • Module 1: Policy decomposition
  • Module 2: Classification and categorization
  • Module 3: Functional requirements - Use cases and abuse cases
  • Module 4: Secure software operational requirements 

Domain 3 - Secure Software Design 

The design phase of software development is one of the most important phases in the Software Development Life Cycle. The Security Software Design domain will provide the learner with an understanding of how to ensure that software security requirements are included in the design of the software. Learners will gain knowledge of secure design principles and processes, and be exposed to different architectures and technologies for securing software.

After completing this domain, participants will be able to:

  1. Explain reasons for including security in the design of software.
  2. Define secure design principles and how they are incorporated into the software design.
  3. Describe the software design process.
  4. Identify software security design considerations required for the development of secure software.
  5. Compare and contrast the architectures that exist for secure software design.
  6. Describe the technologies and computing environments and their impact on design decisions regarding security. 

eLearning outline:

  • Module 1: Importance of secure design
  • Module 2: Design considerations
  • Module 3: The design process
  • Module 4: Securing commonly used architecture 

Domain 4 - Secure Software Coding 

The Security Software Implementation/Coding domain will provide the learner with an understanding of the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.

After completing this domain, participants will be able to:

  1. Explain the fundamentals of programming and different software development methodologies.
  2. Identify common software attacks and vulnerabilities.
  3. Describe defensive coding practices and controls.
  4. Implement programming safeguards using defensive coding principles.
  5. Explain the difference between static and dynamic code analysis.
  6. Describe how to build software with security mechanisms in place. 

eLearning outline:

  • Module 1: Fundamental programming concepts
  • Module 2: Vulnerability databases and lists
  • Module 3: Defensive coding practices and controls
  • Module 4: Secure software processes 

Domain 5 - Security Software Testing 

The Security Software Testing domain will address issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle.

After completing this domain, participants will be able to:

  1. Identify the different artifacts of testing and their importance for the process.
  2. Describe the importance of testing and its impact on secure software.
  3. Describe the types of testing and the benefits and weaknesses of each.
  4. Identify impact assessment and the respective corrective actions for secure software development.
  5. Describe the Test Data Lifecycle Management. 

eLearning outline:

  • Module 1: Artifacts of testing
  • Module 2: Testing for security and quality assurance
  • Module 3: Types of testing
  • Module 4: Test Data Lifecycle Management

Domain 6 - Software Acceptance 

The Software Acceptance domain provides an understanding of the requirements for software acceptance, paying specific attention to compliance, quality, functionality, and assurance. Participants will learn about pre- and post-release validation requirements as well as pre-deployment criteria.

After completing this domain, participants will be able to:

  1. Identify how software assurance relates to pre-deployment and pre-release acceptance criteria.
  2. Describe the risk acceptance process related to software acceptance.
  3. Define post-release validation and verification processes and how they relate to software acceptance.
  4. Identify the importance of third party testing. 

eLearning outline:

  • Module 1: Software acceptance considerations
  • Module 2: Post-release 

Domain 7 - Software Deployment, Operation, Maintenance and Disposal 

The Software Deployment, Operations, Maintenance and Disposal domain provides the learner with knowledge pertaining to the deployment, operations, maintenance, and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient, and recoverable in its prescribed manner. 

After completing this domain, participants will be able to:

  1. Describe the parameters of a secure installation and deployment.
  2. Identify secure startup and bootstrapping concepts.
  3. Define configuration management concepts and how they will impact software security.
  4. Describe the important aspects of operations and maintenance pertaining to continuous monitoring, incident, problem, and change management.
  5. Identify processes specific to software disposal.

eLearning outline:

  • Module 1: Installation and deployment
  • Module 2: Operations and maintenance
  • Module 3: Disposal of software  

Domain 8 - Supply Chain Risk and Software Acquisition 

The goal of this Supply Chain Risk and Software Acquisition domain is to provide the learner with the knowledge to ensure that the software developed in a supply chain is secure. The learner will learn some of the industry standards and practices that must be applied to provide a high level of assurance that the supply chain is secure, both upstream and downstream. In addition to the practices discussed in previous modules, the learner will understand how to assess supplier practices, installation and deployment, and monitoring considerations for suppliers, identify risks, and understand the use of contractual obligations for suppliers.

After completing this domain, participants will be able to:

  1. Understand the complexity and issues surrounding supply chain security.
  2. Describe the industry standards that are used in securing the supply chain.
  3. Take the steps necessary for assessing a supplier's security practices.
  4. Describe a process for ensuring the software from a supplier is securely delivered and deployed.
  5. Gain the confidence to certify supplier-delivered software.

eLearning outline:

  • Module 1: Supplier Risk Assessment
  • Module 2: Supplier Sourcing
  • Module 3: Software Development and Test
  • Module 4: Software Delivery, Operations and Maintenance
  • Module 5: Supplier Transitioning

After a major success in 2013, when (ISC)² and Security Compass partnered to deliver an OWASP Top 10 course to (ISC)² members, a relationship grew based on how both companies could come together to promote cybersecurity education. Security Compass is an application security company that understands that every person in an organization is different, and its mission is tailoring education that's right for you. Together, (ISC)² and Security Compass have combined our expertise to deliver CSSLP award-winning content through this new eLearning course.