CSSLP Training Course

CSSLP Training: Building Secure Software

A structured, deeply written training course covering the eight CSSLP domains from concepts through supply chain. Written for developers, architects, security engineers, and technical leads preparing for the ISC2 CSSLP exam and for practitioners who want a durable reference on integrating security across the software lifecycle.

Module 1: Secure Software Concepts 10% of exam

The foundations: what secure software means, the principles that make it possible, how risk applies to code, and the compliance drivers that force organizations to care.

  • 1.1 What CSSLP Is and the Secure Software Mindset 6 min Free preview
  • 1.2 Core Security Principles: CIA, AAA, and Nonrepudiation 7 min πŸ”’
  • 1.3 Security Design Principles 8 min πŸ”’
  • 1.4 Risk Management for Software 7 min πŸ”’
  • 1.5 Regulations, Privacy, and Compliance Drivers 8 min πŸ”’

Module 2: Secure Software Lifecycle Management 11% of exam

How to run a software program that produces secure output: SDLC choices, DevSecOps, roles and metrics, configuration management, and the policies that hold it together.

  • 2.1 SDLC Models and Where Security Fits 7 min πŸ”’
  • 2.2 Security in Agile and DevSecOps 8 min πŸ”’
  • 2.3 Roles, Responsibilities, and Governance 6 min πŸ”’
  • 2.4 Security Metrics and KPIs 6 min πŸ”’
  • 2.5 Software Configuration Management 6 min πŸ”’
  • 2.6 Threat Intelligence and Security Policy Management 6 min πŸ”’

Module 3: Secure Software Requirements 14% of exam

Requirements are the cheapest place to fix a security defect. This module covers how to identify, express, prioritize, and trace them so they survive into working software.

  • 3.1 Identifying Security Requirements 7 min πŸ”’
  • 3.2 Data Classification and Protection Requirements 7 min πŸ”’
  • 3.3 Privacy Requirements 7 min πŸ”’
  • 3.4 Compliance and Regulatory Requirements 6 min πŸ”’
  • 3.5 Misuse and Abuse Cases 6 min πŸ”’
  • 3.6 Security Requirements Traceability 6 min πŸ”’
  • 3.7 Third-Party and Interface Requirements 6 min πŸ”’

Module 4: Secure Software Architecture and Design 14% of exam

Design is where security either becomes cheap or expensive. This module covers threat modeling, attack surface, secure patterns, and design decisions for modern platforms.

  • 4.1 Threat Modeling: STRIDE, PASTA, LINDDUN 8 min πŸ”’
  • 4.2 Attack Surface Analysis 6 min πŸ”’
  • 4.3 Secure Design Patterns and Anti-Patterns 7 min πŸ”’
  • 4.4 Architecture Reviews 6 min πŸ”’
  • 4.5 Trust Boundaries and Interfaces 6 min πŸ”’
  • 4.6 Cryptographic Architecture 8 min πŸ”’
  • 4.7 Cloud, Mobile, and IoT Security Architecture 8 min πŸ”’

Module 5: Secure Software Implementation 14% of exam

Writing the code that actually resists attack: coding practices, common vulnerabilities, language-specific pitfalls, cryptographic use, and code review.

  • 5.1 Secure Coding Practices 7 min πŸ”’
  • 5.2 Common Vulnerabilities: Injection, XSS, CSRF, and Friends 9 min πŸ”’
  • 5.3 Language-Specific Security 7 min πŸ”’
  • 5.4 Implementing Cryptography Safely 7 min πŸ”’
  • 5.5 Authentication and Session Management in Code 7 min πŸ”’
  • 5.6 Input Validation and Output Encoding 6 min πŸ”’
  • 5.7 Code Analysis: SAST, Code Review, and Peer Practice 7 min πŸ”’

Module 6: Secure Software Testing 14% of exam

Verifying that the software is as secure as intended: strategy, DAST and IAST, penetration testing, fuzzing, test environments, defect handling, and regression.

  • 6.1 Security Test Strategy and Planning 7 min πŸ”’
  • 6.2 Vulnerability Scanning and DAST 7 min πŸ”’
  • 6.3 Penetration Testing 7 min πŸ”’
  • 6.4 Fuzzing and Property-Based Testing 6 min πŸ”’
  • 6.5 Test Data and Environment Security 6 min πŸ”’
  • 6.6 Defect Tracking and Remediation 6 min πŸ”’
  • 6.7 Regression, Verification, and Validation 6 min πŸ”’

Module 7: Secure Software Deployment, Operations, and Maintenance 12% of exam

Software that shipped clean must stay clean. This module covers release, hardening, monitoring, incident response, patching, and end-of-life.

  • 7.1 Secure Deployment and Release Management 7 min πŸ”’
  • 7.2 Configuration Hardening 6 min πŸ”’
  • 7.3 Operational Security Monitoring 7 min πŸ”’
  • 7.4 Incident Response for Software 7 min πŸ”’
  • 7.5 Patch and Vulnerability Management 6 min πŸ”’
  • 7.6 End-of-Life and Decommissioning 6 min πŸ”’

Module 8: Secure Software Supply Chain 11% of exam

Software is assembled from parts you did not write. This module covers the risks that come with the components, and how to keep them manageable.

  • 8.1 Supply Chain Risks Overview 6 min πŸ”’
  • 8.2 Third-Party and Open-Source Component Risk 7 min πŸ”’
  • 8.3 Software Bill of Materials (SBOM) 6 min πŸ”’
  • 8.4 Vendor Security Assessment 6 min πŸ”’
  • 8.5 Secure Procurement and Contracts 6 min πŸ”’
  • 8.6 Continuous Supply Chain Monitoring 6 min πŸ”’