Certified Secure Software Lifecycle Professional (CSSLP) is a workshop that covers topics such as:
- Secure software requirements
- Interpret data classification requirements
- Identify internal and external security requirements
- Develop misuse and abuse cases
- Identify privacy requirements
- Develop security requirement traceability matrix
- Include security in software requirement specifications
- Secure software concepts
- Security Design Principles
- Core Concepts
- Secure lifecycle management
- Analyze code for security vulnerabilities
- Follow secure coding practices
- Fix security vulnerabilities
- Implement security controls
- Securely reuse third party code or libraries
- Look for malicious code
- Apply security during the build process
- Securely integrate components
- Perform design security review
- Debug security errors
- Use security enhancing architecture and design tools
- Design secure assembly architecture for component-based systems
- Use secure design principles and patterns
- Secure software design
- Define the security architecture
- Perform threat modeling
- Performing architectural risk assesment
- Performing secure interface design
- Model and classify data
- Modeling (non-functional) security properties and constraints
- Perform design security review
- Evaluate and select reusable secure design
- Use security enhancing architecture and design tools
- Design secure assembly architecture for component-based systems
- Use secure design principles and patterns
- Software lifecycle management
- Establish security milestones
- Secure configuration and version control
- Identify security standards and frameworks
- Choose a secure software methodology
- Develop security metrics
- Create security documentation
- Report security status
- Decommission software
- Support governance, risk and compliance (GRC)
- Secure software testing
- Develop security testing strategy and plan
- Develop security test cases
- Interpret security implications of test results
- Identify undocumented functionality
- Secure test data
- Classify and track security errors
- Perform verification and validation testing
- Develop or obtain security test data
- Supply chain and software acquisition
- Verify pedigree and provenance
- Analyze security of third party software
- Provide security support to the acquisition process
- Software deployment, operations, maintenance and disposal
- Release software securely
- Perform implementation risk analysis
- Ensure secure installation
- Securely store and manage security data
- Obtain security approval to operate
- Perform post-deployment security testing
- Support incident response
- Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
- Support continuity of operations
- Support patch and vulnerability management
Certified Secure Software Lifecycle Professional (CSSLP) brings together all stakeholders within the software lifecycle including:
- Security managers
- IT managers
- Auditors
- Project managers
- Software engineers
- Software architects
- Software program managers
- Application security specialists
- Quality assurance testers
- Business analysts
- Software procurement analysts
- Penetration testers
