Certified Secure Software Lifecycle Professional (CSSLP)

Application vulnerabilities continue to top the list of cyber security concerns. While attackers and researchers continue to expose new application vulnerabilities, the most common application flaws are previously known threats that have been rediscovered. This high volume of known application vulnerabilities suggests that many development teams do not have the security resources needed to address all potential security flaws, and that there is a clear shortage of qualified professionals with application security skills. Without action, this soft underbelly of business and governmental entities has been, and will continue to be, exposed, with serious consequences: data breaches, disrupted operations, lost business, brand damage, and regulatory fines. This is why it is essential for software professionals to stay current on the latest advances in software development and the new security threats they create. The CSSLP certification validates that software professionals have the expertise to incorporate security practices - authentication, authorization and auditing - into each phase of the software development lifecycle, from software design and implementation to testing and deployment.

Enabling the Next Generation to Build Secure Software

Attackers and researchers continue to expose new application vulnerabilities, and it's no wonder that application vulnerabilities are ranked the #1 threat to cybersecurity professionals (according to the 2015 (ISC)2 Global Information Security Workforce Study). Web application security must be a priority for organizations to protect their business and reputation. For this reason, it is crucial that anyone involved in the software development lifecycle (SDLC) be knowledgeable and experienced in understanding how to build secure software.

The CSSLP certification validates that software professionals have the expertise to incorporate security practices - authentication, authorization and auditing - into each phase of the SDLC, from software design and implementation to testing and deployment. CSSLPs have proven proficiency in:

  • Developing an application security program in their organization
  • Reducing production costs, application vulnerabilities and delivery delays
  • Enhancing the credibility of their organization and its development team
  • Reducing loss of revenue and reputation due to a breach resulting from insecure software

Who should obtain the CSSLP certification?

The Certified Secure Software Lifecycle Professional (CSSLP) is for everyone involved in the SDLC with at least 4 years of cumulative paid full-time work experience in 1 or more of the 8 domains of the CSSLP CBK. CSSLPs often hold positions such as the following:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager

Don't have the application security experience to earn your certification? Earn your experience to become a CSSLP as an Associate of (ISC)2 by successfully passing the CSSLP exam. You'll have up to 5 years to earn your experience. Find out more about becoming an associate.

Globally Recognized Proficiency in Application Security

The CSSLP draws from a comprehensive, up-to-date, global common body of knowledge that ensures software professionals have deep knowledge and understanding of how to build secure software. The CSSLP tests one's competence in the following 8 domains:

  • Secure Software Concepts
  • Secure Software Requirements
  • Secure Software Design
  • Secure Software Implementation/Coding
  • Secure Software Testing
  • Software Acceptance
  • Software Deployment, Operations, Maintenance and Disposal
  • Supply Chain and Software Acquisition
