Become a Certified Secure Software Lifecycle Professional (CSSLP). Add value to your employer and expand your career opportunities. Application vulnerabilities affect our everyday lives, and were ranked the #1 threat to information security professionals in the 2011 (ISC)2 Global Information Security Workforce Study. In order to make the cyber world a safer place, we must ensure web application security is a priority. The CSSLP is the only certification designed to ensure that application development applies secure concepts throughout the lifecycle. Prepare for this internationally recognized certification. This course prepares you for (ISC)2 Exam CSSLP. Go to www.isc2.org for complete certification information.
Who can benefit from certification?
Software Architect, Engineer, Developer, Program Manager, Procurement Analyst, Application Security Specialist, Quality Assurance Tester, Penetration Tester, Project Manager, Security Manager, IT Director/Manager
Why earn certification?
- Be recognized as a leader in software security.
- Offer value to your employer by identifying application vulnerabilities.
- Demonstrate your working knowledge of application security.
- Enhance credibility and marketability on a worldwide scale.
Key Areas of Knowledge
- Secure Software Concepts--security implications and methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
- Secure Software Requirements--capturing security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
- Secure Software Design--translating security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
- Secure Software Implementation/Coding--involves the application of coding and testing standards, applying security testing tools including "fuzzing", static-analysis code scanning tools, and conducting code reviews.
- Secure Software Testing--integrated QA testing for security functionality and resiliency to attack.
- Software Acceptance--security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, Common Criteria and methods of independent testing.
- Software Deployment, Operations, Maintenance, and Disposal--security issues around steady safe operations and management of software. Security measures that must be taken when a product reaches its end of life.
- Supply Chain and Software Acquisition--provides a holistic outline of the knowledge and tasks required in managing risk for outsourced development, acquisition, and procurement of software and related services.
Two years programming experience and Security+ certification or equivalent professional experience.