Duration: Hours



    Training Mode: Online


    The Certified Secure Software Lifecycle Professional (CSSLP) validates that software professionals have the expertise to incorporate security practices – authentication, authorization and auditing – into each phase of the software development lifecycle (SDLC).

    1: Secure Software Concepts

    • Holistic Security
    • Core Security Concepts
    • Design Security Concepts
    • Security Policies
    • Software Development Methodologies
    • Regulations, Privacy and Compliance

    2: Secure Software Requirements

    • Core Security Requirements
    • General Security Requirements
    • Operational Security Requirements
    • Other Security Requirements
    • Data Classification
    • Subject/Object Matrix
    • RTM (Requirement Traceability Matrix)

    3: Secure Software Architecture and Design

    • Need for Secure Design
    • CIA- and AAA-based Designs
    • Secure Design Principles
    • Threat Modelling
    • System Architecture Types
    • Security Technologies
    • Demo- Threat Modelling
    • Assignment/Quiz- Assignment (Threat Modelling)

    4: Secure Software Implementation

    • Common Software Vulnerabilities
    • Defensive Coding Practices
    • Input Validation
    • Canonicalization
    • Cryptography
    • Session Management
    • Exception Management
    • Tokenization
    • Sandboxing
    • Secure Software Process
    • Demo- Topics covered as part of the OWASP Top 10 Lab
    • Assignment/Quiz- Quiz (MCQ)

    5: Secure Software Testing

    • Quality Assurance
    • Types of QA Testing
    • Software Security Testing
    • White Box vs Black Box
    • Testing for:
      • Input Validation
      • Injection
      • Scripting Attacks
      • Spoofing
      • Error-based Attacks
      • Privilege Escalation
    • Test Data Management
    • Demo- Will be covered in Day 6
    • Assignment/Quiz- Assignment (to be done after lab Session)
    • OWASP Top 10: Theory
    • Setting up lab
    • Installing XAMPP
    • Setting up Mutillidae
    • Penetration Testing (Using Mutillidae and other applications)
    • SQL Injection
    • Cross Site Scripting (Stored, Reflected, DOM)
    • Assignment- Setting up own lab and testing a vulnerable application
    • Penetration Testing (Using Mutillidae and other applications)
    • XXE attack
    • Using Components with known vulnerabilities
    • Session Hijacking
    • Broken Authentication
    • Requested Additional Content (Demo)
    • CSRF
    • Sensitive Data Exposure
    • Insecure Deserialization
    • Port scanning using nmap
    • Phishing using Metasploit

    6: Secure Lifecycle Management

    • Secure Software Acceptance
    • Completion Criteria
    • Change Management
    • Verification and Validation
    • Certification and Accreditation
    • Demo- No
    • Assignment/Quiz- Quiz (MCQ)

    7: Secure Software Deployment, Operations, Maintenance

    • Secure Software Installation and Deployment
    • Hardening
    • Environmental Configuration
    • Release Management
    • Secure Startup
    • Secure Software Operations and Maintenance
    • Monitoring
    • Incident Management
    • Change Management
    • Backups/ Recovery/ Archives
    • Secure Software Disposal
    • EOL policies
    • Sunsetting Criteria
    • Media Sanitization
    • Demo- No
    • Assignment/Quiz- Quiz (MCQ)

    8: Secure Software Deployment, Operations, Maintenance

    • Software acquisition and Supply Chain
    • Intellectual Property
    • Software Development and Testing
    • Assurance Requirement Conformance Validation
    • Release Management
    • Software SCRM during Acceptance
    • Software SCRM during Delivery
    • Chain of Custody
    • SCRM during Deployment
    • SCRM during Operations
    • SCRM during Maintenance
    • Software SCRM during Retirement
    (SCRM: Supply Chain Risk Management)
    • Demo- No
    • Assignment/Quiz- Quiz (MCQ)

    For more inputs on CSSLP you can connect here.
    Contact the L&D Specialist at Locus IT.

    Locus Academy has more than a decade of experience in delivering training/staffing on CSSLP for corporates across the globe. Participants in the CSSLP training/staffing are extremely satisfied and are able to apply what they learn in their ongoing projects.



    CSSLP (Certified Secure Software Lifecycle Professional) is a certification from (ISC)2 that focuses on application security within the software development lifecycle (SDLC). Launched in 2008, the CSSLP certification is designed for programmers, project managers, IT analysts or engineers involved in the SDLC.