CSSLP training - Certified Secure Software Lifecycle Professional


5 days Classroom English

Sharpest price in just 2 steps

Requesting more information and/or the current price of this training is easy. We take into account any ongoing promotions, subsidies, or relationship discounts.

Description

In the development of software applications, security is often overlooked during the development process. Only shortly before delivery (or not at all) is the security of an application assessed with a vulnerability scan or penetration test, at which point time pressure and cost limit the adjustments that can still be made. In the CSSLP training, you will learn to build security into every phase of the software development process (the Software Development Lifecycle, SDLC) so that security can be demonstrably assured towards customers or the organization itself. We will also address the selection, drafting of requirements, procurement, and maintenance of software that you do not develop in-house but purchase elsewhere.

The CSSLP certification validates software professionals who have demonstrable expertise in incorporating security practices - for example, in the areas of authentication, authorization, and auditing - in every phase of the software development lifecycle, from software design and implementation to testing and deployment. CSSLPs have proven skills in:

  • Developing an application security program for their organization
  • Reducing production costs, decreasing the number of application vulnerabilities, and minimizing delays in delivery
  • Increasing the credibility and reliability of an organization and its development team
  • Reducing revenue loss and reputational damage due to a breach caused by insecure software

As a CSSLP, you possess a holistic understanding of security best practices, policies, and procedures throughout all phases of the software development lifecycle. You develop secure applications that are resilient to attacks and meet all requirements regarding compliance, quality, functionality, and assurance. Thus, you are also able to advise others in developing secure software.

AI

As AI transforms the software development landscape, the CSSLP exam structure has been modernized to continue addressing the security of the entire lifecycle - from the initial concept to supply chain management - specifically concerning AI-driven and AI-integrated applications. This ensures that software professionals can design, build, and maintain applications that safely leverage machine learning and defend against the unique risks that AI brings to the software stack.

Working method

The CSSLP training is classroom-based but can also be attended Live Online if desired. You follow the training remotely with our own instructor, see the slides and the notes on the whiteboard, and can ask questions whenever you want. In essence it is the same as classroom training, but from your own location. If the Live Online training did not meet your expectations, you may attend it again in person at a later date free of charge.

Certification

This training prepares you for the CSSLP exam from (ISC)2. The exam can be taken throughout the year at selected Pearson VUE exam centers. There are no admission requirements for taking the exam. However, to hold the certification after passing, you must have one year of full-time paid work experience in one or more of the eight CSSLP domains. If you do not yet meet this requirement, you can gain the experience after passing the exam. Students who fail the exam may attend the classroom training again free of charge. Our support only ends when you pass.

Training Requirements

The Certified Secure Software Lifecycle Professional (CSSLP) training is intended for anyone involved in the SDLC. CSSLPs often hold positions such as:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Security Manager
  • IT Director/Manager
  • Project Manager
  • Penetration Tester

Training Content

Understanding core concepts

Understanding security design principles

Managing security within a software development methodology (e.g. Agile, waterfall)

Identifying and applying security standards (e.g. implementing security frameworks, promoting security awareness)

Developing a strategy and roadmap

Defining and developing security documentation

Defining security metrics (e.g. criticality, mean time to remediate, complexity, Key Performance Indicators (KPI), objectives and key results)

Decommissioning applications

Establishing security reporting mechanisms (e.g. reports, dashboards, feedback loops)

Incorporating integrated risk management methods

Implementing secure operational practices

Defining software security requirements

Identifying compliance requirements

Identifying data classification requirements

Identifying privacy requirements

Defining access control and data assignment

Developing misuse and abuse cases

Developing a Security Requirement Traceability Matrix (SRTM)

Defining security requirements for third parties (vendors)

Defining the security architecture

Designing secure interfaces

Evaluating and selecting reusable technologies

Performing threat modeling

Performing architectural risk analysis and design reviews

Modeling (non-functional) security properties and constraints

Defining a secure operational architecture (e.g. deployment topology, operational interfaces, CI/CD)

Adhering to relevant secure coding practices (e.g. standards, guidelines and regulations)

Analyzing code for security risks

Implementing security controls (e.g. watchdogs, File Integrity Monitoring (FIM), anti-malware)

Addressing identified security risks (e.g. risk strategy)

Evaluating and integrating components

Applying security during the build process

Developing a security test strategy and test plan

Developing security test cases

Verifying and validating documentation (e.g. installation and configuration guides, error messages, user manuals, release notes)

Identifying undocumented functionality

Analyzing the security implications of test results (e.g. impact on product management, prioritization, break/build criteria)

Classifying and tracking security defects

Securing test data

Performing verification and validation testing (e.g. independent/internal V&V, acceptance testing)

Performing operational risk analysis

Secure configuration and version management

Performing secure software releases

Storing and managing security data

Ensuring secure installation

Obtaining approval to go to production (e.g. risk acceptance, formal approval)

Performing Information Security Continuous Monitoring (ISCM)

Executing the incident response plan

Performing patch management (e.g. secure release, testing)

Performing vulnerability management (e.g. tracking, triage, CVEs)

Implementing runtime protection (e.g. RASP, WAF, ASLR, dynamic execution prevention)

Supporting business continuity

Integrating service level objectives and service level agreements (SLA) (e.g. maintenance, performance, availability, qualified personnel)

Implementing risk management for the software supply chain (e.g. ISO, NIST)

Analyzing the security of third-party software

Verifying origin and authenticity (pedigree and provenance)

Ensuring and verifying supplier security requirements in the procurement process

Supporting contractual requirements (e.g. intellectual property, code escrow, liability, warranty, EULA, SLA)



What Can I Learn After The CSSLP training - Certified Secure Software Lifecycle Professional?

  • Understand and apply core concepts of secure software development and security design principles.
  • Develop misuse and abuse cases and translate them into demonstrable security requirements using traceability matrices.
  • Assess and select reusable technologies and components based on security and risk criteria.
  • Develop security test strategies and test cases to demonstrably assess software security.
  • Establish and manage secure deployment, configuration, release, and installation processes.
  • Integrate and manage security throughout the entire secure software development lifecycle (SSDLC), regardless of the development method used (e.g. Agile or waterfall).
  • Design a secure software architecture and operational architecture, including CI/CD and deployment structures.
  • Apply secure coding principles and analyze software code for security risks.
  • Perform security testing and interpret test results to assess risks and impact.
  • Perform security operations, including monitoring, incident response, patch and vulnerability management, and runtime protection.
  • Translate security, compliance, privacy, and data classification requirements into concrete, applicable software requirements.
  • Conduct threat modeling and architectural risk analyses to assess and improve design choices.
  • Implement and integrate security controls in the development, build, and deployment process.
  • Classify, track, and manage vulnerabilities, security flaws, and test findings within the development process.
  • Assess and manage software supply chain risks, including third-party software and contractual security requirements.

Schedules

This training is scheduled as follows in the coming period. Missing a date? Feel free to contact us.

Date: By arrangement

Location:


Learning paths

This training can also be taken as part of the below learning path(s). If you want to follow multiple titles from a learning path, please contact our advisors for a suitable bundle offer.


Frequently Asked Questions

For the most part, yes: DORA requires that security is embedded throughout the entire software lifecycle (secure by design). CSSLP is specifically about this and helps you ensure security at every step of the development lifecycle. It is important that the insights from the CSSLP training are then translated into policies that are auditable and linked to a risk management framework, including a capability for incident detection and management.


Why experienced professionals choose TSTC for their studies

Train smarter, not harder. TSTC's unique approach guarantees the effective acquisition of skills and the greatest chance of success.
