Introduction
The CSSLP™ Professional Certification is designed to establish an industry standard and credential that attests to the holder's knowledge and ability to apply best practices in delivering secure software. The certification is language neutral and focuses on professionals whose work is related to the software life cycle, including software architects, software engineers, developers, programmers, project managers, quality assurance testers, and analysts.
The impetus behind the CSSLP certification is the ever-increasing losses incurred by all types of organizations from both insider and outsider attacks because of software that is not secure. Also, because of the increased exploitation of software vulnerabilities, additional regulatory and compliance requirements are being imposed by governmental bodies.
Secure software controls should be an integral part of the software life cycle, from conception to disposal, and should address the fundamental security concepts of confidentiality, integrity, availability, authentication, authorization, and auditing.
CSSLP Domains
As defined by (ISC)2, the domains comprising the CSSLP Common Body of Knowledge (CBK®) are:
Secure software concepts—Security implications in software development
Secure software requirements—Capturing security requirements in the requirements gathering phase
Secure software design—Translating security requirements into application design elements
Secure software implementation/coding—Testing for security functionality ...
Get The CSSLP™ Prep Guide: Mastering the Certified Secure Software Lifecycle Professional now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.