What is CSSLP Certification? Everything You Need To Know

1
What is CSSLP Certification? Everything You Need
To Know
www.infosectrain.com sales_at_infosectrain.com
2
What is CSSLP Certification? Certified Secure
Software Lifecycle Professional (CSSLP) is a
certification introduced by (ISC)2 in 2008 that
concentrates on web application security within
the software development lifecycle (SDLC). The
CSSLP certification is perfect for software
developers and security professionals responsible
for implementing best practices to every step of
software development. This certification shows
that the candidate has advanced knowledge and the
technical skills to efficiently design, develop,
and implement security practices in each software
life cycle phase. The CSSLP certification
training covers all the essential aspects of
secure software development. It takes a long-term
strategic view to improve the overall state of
software security within an organization while
providing a tactical solution.
www.infosectrain.com sales_at_infosectrain.com
3
www.infosectrain.com sales_at_infosectrain.com
4

• Benefits of CSSLP certification
• The CSSLP certification shows you are an expert
  in application security. CSSLP is a glorious way
  to increase your security knowledge therefore,
  you can keep your skills current and relevant. It
  is not product-specific, so you can effortlessly
  apply your skills to various technologies and
  methodologies. It teaches you how to protect your
  organization while keeping their sensitive data
  safe and helping in career advancement.
• CSSLP Experience Requirements
• A minimum of four years of full-time Software
  Development Lifecycle (SDLC) professional
  background in one or more of the eight domains of
  the CSSLP Common Body of Knowledge (CBK)
• 4-year college degree in Computer Science,
  Information Technology (IT), or related fields

www.infosectrain.com sales_at_infosectrain.com
5
CSSLP Exam outline Domain 1 Secure Software
Concepts  This domain contains 10 weightage in
the exam. It includes concepts of
confidentiality, integrity, availability,
authentication, authorization, auditing, and
management of sessions. It familiarizes the
candidates with fundamental concepts, principles
of risk management, and governance. It also
explains trusted computing concepts that can be
applied in the software. Domain 2 Secure
Software Requirements This domain contains 14
weightage in the exam. It familiarizes you with
various internal and external sources from which
software security requirements can be determined
and covers different security requirements for
the software. It understands how to develop
misuse cases from case scenarios to determine
security requirements, generate a subject-object
matrix, and understand how it can be used to
generate security requirements. Domain 3 Secure
Software Design This domain contains 14
weightage in the exam. It explains the need and
importance of designing security into the
software, secure design principles, and how they
can be incorporated into software design. It
introduces you to different software architecture
that exists and explains the security benefits.
www.infosectrain.com sales_at_infosectrain.com
6
Domain 4 Secure Software Implementation This
domain also contains 14 weightage in the exam.
This domain discusses declarative versus
imperative (programmatic) security, concurrency
(e.g., thread safety, database concurrency
controls), output sanitization (e.g., encoding,
obfuscation), error and exception handling, input
validation, secure logging and auditing, and
session management. It also explains
vulnerability databases, open web application
security project (OWASP) Top 10, and dynamic
application security testing (DAST). Domain 5
Secure Software Testing This domain contains 14
weightage in the exam. This domain understands
how to develop security test cases, security
testing strategies, and plans. It also guides you
on how to verify and validate documentation
(e.g., installation and setup instructions, user
guides, error messages and release notes), how to
analyze security implications of test results
(e.g., impact on product management,
prioritization, and break build criteria), and
how to perform verification and validation
testing.
www.infosectrain.com sales_at_infosectrain.com
7
Domain 6 Secure Software Lifecycle Management
This domain contains 11 weightage in the exam.
It explains how to manage security within a
software development methodology and security
documentation. It also shows how to develop
security metrics (e.g., defects per line of code,
criticality level, average remediation time, and
complexity). Domain 7 Secure Software
Deployment, Operations, Maintenance This domain
contains 12 weightage in the exam. This domain
provides knowledge on how to perform an
operational risk analysis, release software
securely, manage security data, and information
security continuous monitoring (ISCM). It gives
an understanding of how to perform patch
management (e.g., secure release, testing) and
vulnerability management (e.g., scanning,
tracking, triaging). Domain 8 Secure Software
Supply Chain This domain contains 11 weightage
in the exam. It explains how to implement
software supply chain risk management and analyze
third-party software security. It also describes
how to ensure supplier security requirements in
the acquisition process.
www.infosectrain.com sales_at_infosectrain.com
8
CSSLP Certification Exam details
Length of exam 3 hours
Number of questions 125
Exam format Multiple choice
Passing grade 700 out of 1000
Exam availability English
www.infosectrain.com sales_at_infosectrain.com
9
Should I get the CISSP or CSSLP? If your
interests and career run through IT and
management, then CISSP probably makes more sense.
In CISSP, you will learn about risk management,
security architecture, encryption, network
security, secure software development, and
identity access management. On the other side, If
you want to make a career in product development
or testing, concepts of CSSLP certification will
help you out a lot. CSSLP is much more focused on
secure software development and the entire
software lifecycle. Choosing between CISSP or
CSSLP totally depends on your profession both
are excellent certifications but are different
from each other.
www.infosectrain.com sales_at_infosectrain.com
10
How can I get CSSLP Certification? You can prefer
Infosec Train for CSSLP Certification training to
get professional knowledge and an in-depth
understanding of the Software Development Life
Cycle. The training will be provided by highly
skilled and experienced trainers. The courses
will enhance your skills and help you advance
your career in software development. If you want
to enroll in CSSLP training, please visit the
following link https//www.infosectrain.com/cour
ses/csslp-certification-training/
www.infosectrain.com sales_at_infosectrain.com
11
About InfosecTrain

• Established in 2016, we are one of the finest
  Security and Technology Training and Consulting
  company
• Wide range of professional training programs,
  certifications consulting services in the IT
  and Cyber Security domain
• High-quality technical services, certifications
  or customized training programs curated with
  professionals of over 15 years of combined
  experience in the domain

www.infosectrain.com sales_at_infosectrain.com
12
Our Endorsements
www.infosectrain.com sales_at_infosectrain.com
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
www.infosectrain.com sales_at_infosectrain.com
14
Our Trusted Clients
www.infosectrain.com sales_at_infosectrain.com
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com