CSSLP Certification Boot Camp Outline
The Official (ISC)² courseware covers a broad spectrum of topics in the 8 domains of the CSSLP Common Body of Knowledge (CBK). With Training Camp’s exam prep guide, your course content will always be up-to-date with the most current version of the exam. This mix of courseware offers an in-depth review of the CBK as needed, and offers the advantage of Training Camp exam performance boosters.
CSSLP Domain 1: Secure Software Concepts
Core Concepts
Security Design Principles
CSSLP Domain 2: Secure Software Requirements
Identify Security Requirements
Interpret Data Classification Requirements
Identify Privacy Requirements
Develop Misuse and Abuse Cases
Include Security in Software Requirement Specifications
Develop Security Requirement Traceability Matrix
CSSLP Domain 3: Secure Software Design
Perform Threat Modeling
Define the Security Architecture
Performing Secure Interface Design
Performing Architectural Risk Assessment
Modeling Security Properties and Constraints
Model and Classify Data
Evaluate and Select Reusable Secure Design
Perform Design Security Review
Design Secure Assembly Architecture for Component-Based Systems
Use Security Enhancing Architecture and Design Tools
Use Secure Design Principles and Patterns
CSSLP Domain 4: Secure Software Implementation/Coding
Follow Secure Coding Practices
Analyze Code for Security Vulnerabilities
Implement Security Controls
Fix Security Vulnerabilities
Look for Malicious Code
Securely Reuse Third Party Code or Libraries
Securely Integrate Components
Apply Security during the Build Process
Debug Security Errors
CSSLP Domain 5: Secure Software Testing
Develop Security Test Cases
Develop Security Testing Strategy and Plan
Identify Undocumented Functionality
Interpret Security Implications of Test Results
Classify and Track Security Errors
Secure Test Data
Develop or Obtain Security Test Data
Perform Verification and Validation Testing
CSSLP Domain 6: Software Acceptance
Secure Configuration and Version Control
Establish Security Milestones
Choose a Secure Software Methodology
Identify Security Standards and Frameworks
Create Security Documentation
Develop Security Metrics
Decommission Software
Report Security Status
Support Governance, Risk, and Compliance (GRC)
CSSLP Domain 7: Software Deployment, Operations, Maintenance and Disposal
Perform Implementation Risk Analysis
Release Software Securely
Securely Store and Manage Security Data
Ensure Secure Installation
Perform Post-Deployment Security Testing
Obtain Security Approval to Operate
Perform Security Monitoring
Support Incident Response
Support Patch and Vulnerability Management
Support Continuity of Operations
CSSLP Domain 8: Supply Chain & Software Acquisition
Analyze Security of Third Party Software
Verify Pedigree and Provenance
Provide Security Support to the Acquisition Process
As an (ISC)² Preferred Official Training Provider, Training Camp offers CPE units for our (ISC)² class alumni that can be used for a wide range of CEU and CPE requirements.
Is the CSSLP certification right for me?
The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the software development lifecycle (SDLC). It shows you have advanced knowledge and the technical skills to effectively design, develop and implement security practices within each phase of the software lifecycle.
To qualify for the CSSLP, candidates must pass the exam and have at least four years of cumulative, paid work experience as a software development lifecycle professional in one or more of the eight domains of the (ISC)² CSSLP Common Body of Knowledge (CBK®).
Interested in CSSLP certification or SDLC training for your team? Learn more about Training Camp Enterprise Solutions.
(ISC)² CSSLP Exam Details
Duration: 180 mins
Number of Questions: 175
Passing Score: 700/1000
(ISC)² CSSLP Exam Voucher Policy
Unofficial training providers may say they include the exam voucher, but this is neither true nor ethical. (ISC)² and (ISC)² Official Training Providers, such as Training Camp, are the only authorized organizations with the ability to offer vouchers for our exams. Unauthorized companies do not have the access required to purchase CSSLP exam vouchers. An authorized organization will never ask for a candidate’s Pearson VUE credentials.
Make sure you or your employees do not provide them to an unauthorized company. This puts them at risk and violates the terms of the (ISC)² Non Disclosure Agreement, which could result in losing their (ISC)² certification, being suspended indefinitely from retaking the exam, and losing money you’ve paid for the exam. This warning is shown clearly when enrolling for any CSSLP exam date. By going through official channels for exam vouchers, they – and your organization – eliminate these risks.