CSSLP Training: Building Secure Software
A structured, deeply written training course covering the eight CSSLP domains from concepts through supply chain. Written for developers, architects, security engineers, and technical leads preparing for the ISC2 CSSLP exam and for practitioners who want a durable reference on integrating security across the software lifecycle.
Module 1: Secure Software Concepts 10% of exam
The foundations: what secure software means, the principles that make it possible, how risk applies to code, and the compliance drivers that force organizations to care.
- 1.1 What CSSLP Is and the Secure Software Mindset 6 min Free preview
- 1.2 Core Security Principles: CIA, AAA, and Nonrepudiation 7 min π
- 1.3 Security Design Principles 8 min π
- 1.4 Risk Management for Software 7 min π
- 1.5 Regulations, Privacy, and Compliance Drivers 8 min π
Module 2: Secure Software Lifecycle Management 11% of exam
How to run a software program that produces secure output: SDLC choices, DevSecOps, roles and metrics, configuration management, and the policies that hold it together.
- 2.1 SDLC Models and Where Security Fits 7 min π
- 2.2 Security in Agile and DevSecOps 8 min π
- 2.3 Roles, Responsibilities, and Governance 6 min π
- 2.4 Security Metrics and KPIs 6 min π
- 2.5 Software Configuration Management 6 min π
- 2.6 Threat Intelligence and Security Policy Management 6 min π
Module 3: Secure Software Requirements 14% of exam
Requirements are the cheapest place to fix a security defect. This module covers how to identify, express, prioritize, and trace them so they survive into working software.
- 3.1 Identifying Security Requirements 7 min π
- 3.2 Data Classification and Protection Requirements 7 min π
- 3.3 Privacy Requirements 7 min π
- 3.4 Compliance and Regulatory Requirements 6 min π
- 3.5 Misuse and Abuse Cases 6 min π
- 3.6 Security Requirements Traceability 6 min π
- 3.7 Third-Party and Interface Requirements 6 min π
Module 4: Secure Software Architecture and Design 14% of exam
Design is where security either becomes cheap or expensive. This module covers threat modeling, attack surface, secure patterns, and design decisions for modern platforms.
- 4.1 Threat Modeling: STRIDE, PASTA, LINDDUN 8 min π
- 4.2 Attack Surface Analysis 6 min π
- 4.3 Secure Design Patterns and Anti-Patterns 7 min π
- 4.4 Architecture Reviews 6 min π
- 4.5 Trust Boundaries and Interfaces 6 min π
- 4.6 Cryptographic Architecture 8 min π
- 4.7 Cloud, Mobile, and IoT Security Architecture 8 min π
Module 5: Secure Software Implementation 14% of exam
Writing the code that actually resists attack: coding practices, common vulnerabilities, language-specific pitfalls, cryptographic use, and code review.
- 5.1 Secure Coding Practices 7 min π
- 5.2 Common Vulnerabilities: Injection, XSS, CSRF, and Friends 9 min π
- 5.3 Language-Specific Security 7 min π
- 5.4 Implementing Cryptography Safely 7 min π
- 5.5 Authentication and Session Management in Code 7 min π
- 5.6 Input Validation and Output Encoding 6 min π
- 5.7 Code Analysis: SAST, Code Review, and Peer Practice 7 min π
Module 6: Secure Software Testing 14% of exam
Verifying that the software is as secure as intended: strategy, DAST and IAST, penetration testing, fuzzing, test environments, defect handling, and regression.
- 6.1 Security Test Strategy and Planning 7 min π
- 6.2 Vulnerability Scanning and DAST 7 min π
- 6.3 Penetration Testing 7 min π
- 6.4 Fuzzing and Property-Based Testing 6 min π
- 6.5 Test Data and Environment Security 6 min π
- 6.6 Defect Tracking and Remediation 6 min π
- 6.7 Regression, Verification, and Validation 6 min π
Module 7: Secure Software Deployment, Operations, and Maintenance 12% of exam
Software that shipped clean must stay clean. This module covers release, hardening, monitoring, incident response, patching, and end-of-life.
- 7.1 Secure Deployment and Release Management 7 min π
- 7.2 Configuration Hardening 6 min π
- 7.3 Operational Security Monitoring 7 min π
- 7.4 Incident Response for Software 7 min π
- 7.5 Patch and Vulnerability Management 6 min π
- 7.6 End-of-Life and Decommissioning 6 min π
Module 8: Secure Software Supply Chain 11% of exam
Software is assembled from parts you did not write. This module covers the risks that come with the components, and how to keep them manageable.
- 8.1 Supply Chain Risks Overview 6 min π
- 8.2 Third-Party and Open-Source Component Risk 7 min π
- 8.3 Software Bill of Materials (SBOM) 6 min π
- 8.4 Vendor Security Assessment 6 min π
- 8.5 Secure Procurement and Contracts 6 min π
- 8.6 Continuous Supply Chain Monitoring 6 min π
