Strong Crypto provides educational courses and hands-on
training for programmers, managers, software security specialists, and other
stakeholders in the software development life cycle to help them build,
test, and maintain secure applications.
Our instructors are subject matter experts in software security with practical
experience in all the security practices they teach. Our instructors were
also involved in writing and reviewing exam questions for the (ISC)2
CSSLP™ - Certified Secure Software Lifecycle Professional credential.
The CSSLP is a globally recognized standard of achievement and establishes
an industry standard regarding the holder’s knowledge and understanding
for applying best practices when delivering secure software.
Software Security Education
We currently offer the following courses that can be taught onsite at your
organization or in a conveniently located training center. Please contact
us to schedule a class for your organization.
Developing Secure Web Applications
This is a three-day instructor-led course focused on developing applications
that are “self-defending” for their given environment. The course objectives
are the following:
- Understand why Web applications are easily attacked
- Learn how to view the application from the perspective of an adversary
- Know how to identify common flaws in Web applications
- Know how to avoid common vulnerability patterns
- Learn how to choose the right frameworks and technologies for your project
CSSLP CBK Review Seminar
This is a five-day instructor-led course that prepares a candidate to take
the CSSLP certification exam and become a CSSLP. The course covers the seven
domains comprising the CSSLP Common Body of Knowledge (CBK®) as defined
by (ISC)2:
- Secure software concepts—Security implications in software development
- Secure software requirements—Capturing security requirements in the requirements gathering phase
- Secure software design—Translating security requirements into application design elements
- Secure software implementation/coding—Testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
- Secure software testing—Testing for security functionality and resiliency to attack
- Software acceptance—Security implications in the software acceptance phase
- Software deployment, operations, maintenance, and disposal—Security issues around steady state operations and management of software.
CSSLP - Certified Secure Software Lifecycle Professional
The CSSLP Professional Certification is designed to establish an industry
standard and credential that attests to the holder’s knowledge and ability
to apply best practices in delivering secure software. The certification
is language neutral and focuses on professionals whose work is related
to the software life cycle, including software architects, software engineers,
developers, programmers, project managers, quality assurance testers,
and analysts.
The impetus behind the CSSLP certification is the ever-increasing losses
incurred by all types of organizations from both insider and outsider
attacks because of software that is not secure. Also, because of the increased
exploitation of software vulnerabilities, additional regulatory and compliance
requirements are being imposed by governmental bodies.
Secure software controls should be an integral part of the software life
cycle, from conception to disposal, and should address the fundamental
security concepts of confidentiality, integrity, availability, authentication,
authorization, and auditing.
In order to become certified, the candidate must provide evidence of
four years' experience with the software development life cycle (SDLC)
process or three years' experience plus a bachelor’s degree or regional
equivalent in an IT discipline, subscribe to the (ISC)2 code of ethics,
pass the examination, and complete the endorsement process.
A CSSLP candidate who has passed the examination must obtain an endorsement
from another (ISC)2 certified professional in good standing, verifying
that the candidate is in good standing in the information security arena
and does have the claimed professional experience and qualifications.
Then the CSSLP credential can be awarded. Those candidates who have passed
the exam but need to obtain the required experience are categorized as
an Associate of (ISC)2. In addition, randomly selected candidates who
have passed the CSSLP exam will be audited by (ISC)2 before certification
is awarded.
The registration fee for the four-hour CSSLP examination is U.S. $549
(early registration) and U.S. $599 (standard registration).
The CSSLP is required to be recertified every three years by obtaining
90 continuing professional education (CPE) credits, with a minimum of
15 CPEs being earned each year of the three-year period. An annual maintenance
fee of $100 must also be paid to maintain the certification.
Strong Crypto offers a CSSLP CBK Review Seminar taught by Alexander
J. Fry