Certified Secure Software Lifecycle Professional (CSSLP)

Topics

• Secure software requirements
  • Interpret data classification requirements
  • Identify internal and external security requirements
  • Develop misuse and abuse cases
  • Identify privacy requirements
  • Develop security requirement traceability matrix
  • Include security in software requirement specifications
• Secure software concepts
  • Security Design Principles
  • Core Concepts
• Secure lifecycle management
  • Analyze code for security vulnerabilities
  • Follow secure coding practices
  • Fix security vulnerabilities
  • Implement security controls
  • Securely reuse third party code or libraries
  • Look for malicious code
  • Apply security during the build process
  • Securely integrate components
  • Perform design security review
  • Debug security errors
  • Use security enhancing architecture and design tools
  • Design secure assembly architecture for component-based systems
  • Use secure design principles and patterns
• Secure software design
  • Define the security architecture
  • Perform threat modeling
  • Performing architectural risk assesment
  • Performing secure interface design
  • Model and classify data
  • Modeling (non-functional) security properties and constraints
  • Perform design security review
  • Evaluate and select reusable secure design
  • Use security enhancing architecture and design tools
  • Design secure assembly architecture for component-based systems
  • Use secure design principles and patterns
• Software lifecycle management
  • Establish security milestones
  • Secure configuration and version control
  • Identify security standards and frameworks
  • Choose a secure software methodology
  • Develop security metrics
  • Create security documentation
  • Report security status
  • Decommission software
  • Support governance, risk and compliance (GRC)
• Secure software testing
  • Develop security testing strategy and plan
  • Develop security test cases
  • Interpret security implications of test results
  • Identify undocumented functionality
  • Secure test data
  • Classify and track security errors
  • Perform verification and validation testing
  • Develop or obtain security test data
• Supply chain and software acquisition
  • Verify pedigree and provenance
  • Analyze security of third party software
  • Provide security support to the acquisition process
• Software deployment, operations, maintenance and disposal
  • Release software securely
  • Perform implementation risk analysis
  • Ensure secure installation
  • Securely store and manage security data
  • Obtain security approval to operate
  • Perform post-deployment security testing
  • Support incident response
  • Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
  • Support continuity of operations
  • Support patch and vulnerability management

Who should Attend

All stakeholders within the software lifecycle including:

• Security managers
• IT managers
• Auditors
• Project managers
• Software engineers
• Software architects
• Software program managers
• Application security specialists
• Quality assurance testers
• Business analysts
• Software procurement analysts
• Penetration testers