Certified Secure Software Lifecycle Professional in bullet points

  • This repo contains study notes for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
  • Good luck & enjoy studying! ☕
  • Contributions of any kind are welcome!

Symbols

  • There are some symbols used throughout the documentation: (TODO)

    Symbol Description
    💡 Best practice or practical tips
    An important limitation, challenge or an exception
    📝 Common exam area

Content

  1. Secure Software Concepts
    1. General Security Concepts
    2. Risk Management
    3. Security Policies and Regulations
    4. Software Development Methodologies
  2. Secure Software Requirements
    1. Policy Decomposition
    2. Data Classification and Categorization
    3. Requirements
  3. Secure Software Design
    1. Design Processes
    2. Design Considerations
    3. Securing Commonly Used Architecture
    4. Technologies
  4. Secure Software Implementation/Programming
    1. Common Software Vulnerabilities and Countermeasures
    2. Defensive Coding Practices
    3. Secure Software Coding Operations
  5. Secure Software Testing
    1. Security Quality Assurance Testing
    2. Security Testing
  6. Secure Lifecycle Management
    1. General Security Concepts
  7. Software Deployment, Operations, and Maintenance
    1. Secure Software Installation and Deployment
    2. Secure Software Operations and Maintenance
  8. Supply Chain and Software Acquisition
    1. Supply Chain and Software Acquisition
  9. Terms
  10. Outline