Description

The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC).

1: Secure Software Concepts

• Holistic Security
• Core Security Concepts
• Design Security Concepts
• Security Policies
• Software Development Methodologies
• Regulations, Privacy and Compliance

2: Secure Software Requirements

• Core Security Requirements
• General Security Requirements
• Operational Security Requirements
• Other Security Requirements
• Data Classification
• Subject/Object Matrix
• RTM (Requirement Traceability Matrix)

3: Secure Software Architecture and Design

• Need for Secure Design
• CIA and AAA based designs
• Secure Design Principles
• Threat Modelling
• System Architecture Types
• Security Technologies
• Demo- Threat Modelling
• Assignment/Quiz- Assignment (Threat Modelling)

4: Secure Software Implementation

• Common software Vulnerablities
• Defensive coding Practices
• Input Validation
• Canonicalization
• Cryptography
• Session Management
• Exception Management
• Tokenization
• Sandboxing
• Secure Software Process
• Demo- Topics covered as part of the OWASP Top 10 Lab
• Assignment/Quiz- Quiz (MCQ)

5: Secure Software Testing

• Quality Assurance
• Types of QA Testing
• Software Security testing
• White Box VS Black Box
• Testing for
• Input Validation
• Injection
• Scripting Attacks
• Spoofing
• 5. Error based attacks
• 6. Privilage Escalation
• Test Data Management
• Demo- Will be covered in Day 6
• Assignment/Quiz- Assignment (to be done after lab Session)
• OWASP Top 10: Theory
• Setting up lab
• Installing XAMPP
• Setting up Mutillidae
• Penetration Testing (Using Mutillidae and other applications)
• SQL Injection
• Cross Site Scripting (Stored, Reflected, DOM)
• Assignment- Setting up own lab and testing a vulnerable applicatioN
• Penetration Testing (Using Mutillidae and other applications)
• XXE attack
• Using Components with known vulnerabilities
• Session Hijacking
• Broken Authentication
• Requested Additional Content (Demo)
• CSRF
• Sensitive Data Exposure
• Insecure Deserilization
• Port scanning using nmap
• Phishing using Metasploit

6: Secure Lifecycle Management

• Secure Software Acceptance
• Completion Criteria
• Change Management
• Verification and Validation
• Certification and Accredition
• Demo- No
• Assignment/Quiz- Quiz (MCQ)

7: Secure Software Deployment, Operations, Maintainance

• Secure Software Installation and Deployment
• Hardening
• Environmental Configuration
• Release Management
• Release Management
• Release Management
• Secure Startup
• Secure Software Operations and Maintenance
• Monitoring
• Incident Management
• Change Management
• Backups/ Recovery/ Archives
• Secure Software Disposal
• EOL policies
• Sun- Setting Criteria
• Media Sanitization
• Demo- No
• Assignment/Quiz- Quiz (MCQ)

8: Secure Software Deployment, Operations, Maintainance

• Software acquisition and Supply Chain
• Software acquisition and Supply Chain
• Intellectual Property
• Software Development and Testing
• Assurance Requirement Conformance Validation
• Release Management
• Release Management
• Software SCRM during Acceptance
• Software SCRM during Delivery
• Chain of Custody
• SCRM during Deployment
• SCRM during Operations
• SCRM during Maintainance
• Software SCRM during Retirement
• *(SCRM: Supply Chain Risk Management)
• Demo- No
• Assignment/Quiz- Quiz (MCQ)

For more inputs on CSSLP you can connect here.
Contact the L&D Specialist at Locus IT.

Locus Academy has more than a decade experience in delivering the training/staffing on CSSLP for corporates across the globe. The participants for the training/staffing on CSSLP are extremely satisfied and are able to implement the learnings in their on going projects.