Certified Secure Software Lifecycle Professional (CSSLP)

Live Classroom
Duration: 6 days
Live Virtual Classroom
Duration: 6 days


The Certified Secure Software Lifecycle Professional (CSSLP) certification attests to the holder’s knowledge and skills in designing, developing and implementing security practices within each phase of the software development lifecycle.

This training focuses on the key concepts of all eight domains evaluated by the CSSLP certification exam. It provides a comprehensive review of the knowledge and skills required to incorporate security practices – authentication, authorization and auditing – into each phase of the Software Development Lifecycle (SDLC), from software design and implementation to testing and deployment.


What You'll Learn

  • Security design principles
  • Identify security and privacy requirements
  • Perform threat modelling and security architecture
  • Perform architectural risk assessment
  • Model and classify data
  • Analyze code for security vulnerabilities
  • Look for malicious code
  • Debug security errors
  • Develop security test cases, testing strategy and plans
  • Establish security milestones
  • Support governance, risk and compliance
  • Release software securely


  • Core concepts
  • Security design principles

  • Identify security requirements
  • Interpret data classification requirements
  • Identify privacy requirements
  • Develop misuse and abuse cases
  • Include security in software requirement specifications
  • Develop security requirement traceability matrix

  • Perform threat modeling
  • Define the security architecture
  • Perform secure interface design
  • Perform architectural risk assessment
  • Model non-functional security properties and constraints
  • Model and classify data
  • Evaluate and select reusable secure design
  • Perform design security review
  • Design secure assembly architecture for component-based systems
  • Use security-enhancing architecture and design tools
  • Use secure design principles and patterns

  • Follow secure coding practices
  • Analyze code for security vulnerabilities
  • Look for malicious code
  • Securely reuse third-party code and libraries
  • Securely integrate components
  • Apply security during the build process
  • Debug security errors

  • Develop security test cases
  • Develop security testing strategy and plan
  • Identify undocumented functionality
  • Interpret security implications of test results
  • Classify and track security errors
  • Secure test data
  • Develop or obtain security test data
  • Perform verification and validation testing

  • Secure configuration and version control
  • Establish security milestones
  • Choose a secure software methodology
  • Identify security standards and frameworks
  • Create security documentation
  • Develop security metrics
  • Decommission software
  • Report security status
  • Support governance, risk and compliance (GRC)

  • Perform implementation risk analysis
  • Release software securely
  • Securely store and manage security data
  • Ensure secure installation
  • Perform post-deployment security testing
  • Obtain security approval to operate
  • Perform security monitoring
  • Support incident response
  • Support patch and vulnerability management
  • Support continuity of operations

  • Analyze security of third-party software
  • Verify pedigree and provenance
  • Provide security support to the acquisition process

Who should attend

The course is highly recommended for –

  • Software architects
  • Software engineers
  • Software developers
  • Application security specialists
  • Software program managers
  • Quality assurance testers
  • Penetration testers
  • Software procurement analysts
  • Project managers
  • Security managers
  • IT directors and managers


To qualify for the CSSLP, participants need to have at least four years of cumulative paid work experience as a software development lifecycle professional in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge (CBK). A participant who doesn’t yet have the required experience to become a CSSLP may become an Associate of (ISC)² after successfully passing the CSSLP examination. They will then have five years to earn the required experience for the CSSLP certification.



    This course prepares the participants for clearing the CSSLP certification examination. The details of the examination are as follows –

    Duration of the examination: 4 hours
    Number of questions in the examination: 175
    Format of the examination questions: Multiple choice questions
    Passing score: 700 out of 1000
    Exam availability: English


    The examination evaluates the participant’s proficiency in eight specific domains. The weightage of these eight domains is as below –

    Domain: Weightage
    Secure software concepts: 13%
    Secure software requirements: 14%
    Secure software design: 16%
    Secure software implementation/programming: 16%
    Secure software testing: 14%
    Software lifecycle management: 10%
    Software deployment, operations and maintenance: 9%
    Supply chain and software acquisition: 8%
    Total: 100%
