Certified Secure Software Lifecycle Professional (CSSLP)

Course

In Utrecht (Netherlands)

€3,500 VAT-exempt

Description

  • Course type

    Course

  • Level

    Advanced

  • Location

    Utrecht (Netherlands)

  • Class hours

    40h

  • Duration

    5 days

Learn to develop, manage and maintain software security
Some 80% of all security breaches are application-related. Application security must therefore be a priority for organizations to protect their business and reputation. According to several studies, application vulnerabilities are ranked the number 1 threat to cybersecurity professionals. It is crucial that anyone involved in the Software Development Lifecycle (SDLC) is knowledgeable and experienced in understanding how to build secure software. In this 5-day training you will be prepared for the international Certified Secure Software Lifecycle Professional (CSSLP) title of (ISC)².

Globally recognized proficiency in application security with CSSLP
This 5-day Certified Secure Software Lifecycle Professional (CSSLP) training provides you with the expertise to incorporate security practices - authentication, authorization and auditing - into each phase of the SDLC, from software design and implementation to testing and deployment. The CSSLP training will ensure that you have a deep knowledge and understanding of how to build secure software.

Certified Secure Software Lifecycle Professional (CSSLP) – why should you become certified?
In today's interconnected world, security must be included within each phase of the software lifecycle. The Certified Secure Software Lifecycle Professional (CSSLP) Common Body of Knowledge (CBK) contains the largest, most comprehensive collection of best practices, policies, and procedures to ensure a security initiative across all phases of application development, regardless of methodology. Many organizations have already adopted CSSLP as the preferred credential to convey one's expertise in security across the software development lifecycle.

Locations and schedule

Location: Utrecht (Netherlands)

Start: on request

About this course

This 5-day training provides a comprehensive review of applications, security concepts and best practices, covering the 8 domains of the CSSLP CBK. The CSSLP training will help you:

  • validate your expertise in application security
  • conquer application vulnerabilities, offering more value to your employer
  • demonstrate a working knowledge of application security
  • differentiate and enhance your credibility and marketability on a worldwide scale
  • break the penetrate-and-patch test approach
  • reduce production cost, vulnerabilities and delivery days
  • enhance the credibility of your organization and the development team
  • reduce loss of revenue and reputation due to a breach resulting from insecure software
  • ensure compliance with government or industry regulations

Each software lifecycle stakeholder is responsible for a certain phase of the SDLC, but all phases must have security built into them. Certified Secure Software Lifecycle Professional (CSSLP) is intended for all stakeholders involved in the process of developing software. Each of the CSSLP domains covers how to build security into the different phases of the lifecycle.

The CSSLP training and certification are therefore meant for all stakeholders within the software lifecycle, like IT managers, security managers, project managers, auditors and software professionals such as software architects, software engineers, application security specialists, software program managers, business analysts, quality assurance testers, penetration testers and software procurement analysts.


Topics

  • Software
  • Privacy
  • ICT
  • Secure Network
  • Professional
  • CSSLP
  • IMF
  • International
  • Authentication
  • Authorization

Instructors

IMF Academy (IMF)

IT, Information Technology, Finance, Project Management, Security, Tax

IMF is an independent publisher of distance learning courses and organizer of hot topical classroom-based trainings and in-company trainings. Should you have questions or suggestions, please contact us at +31 40 246 02 20 or info@imfacademy.com

Contents

DOMAIN I

SECURE SOFTWARE CONCEPTS

Understand secure software concepts, methodologies, and implementation within centralized and decentralized environments across the enterprise's computer systems.

  • Core Concepts
  • Security Design Principles

DOMAIN II

SECURE SOFTWARE REQUIREMENTS

Understand the security controls required during the requirements gathering phase of the Secure Software Development Lifecycle.

  • Identify internal and external security requirements
  • Interpret data classification requirements
  • Identify privacy requirements
  • Develop misuse and abuse cases
  • Include security in software requirement specifications
  • Develop security requirement traceability matrix

DOMAIN III

SECURE SOFTWARE DESIGN

Understand the techniques of performing attack surface analysis and conducting threat modeling, as well as being able to identify and review the countermeasures that mitigate risk.

  • Perform threat modeling
  • Define the security architecture
  • Perform secure interface design
  • Perform architectural risk assessment
  • Modeling (non-functional) security properties and constraints
  • Model and classify data
  • Evaluate and select reusable secure design
  • Perform design security review
  • Design secure assembly architecture for component-based systems
  • Use security enhancing architecture and design tools
  • Use secure design principles and patterns

DOMAIN IV

SECURE LIFECYCLE MANAGEMENT

Learn about unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation.

  • Follow secure coding practices
  • Analyze code for security vulnerabilities
  • Implement security controls
  • Fix security vulnerabilities
  • Look for malicious code
  • Securely reuse third party code or libraries
  • Securely integrate components
  • Apply security during the build process
  • Debug security errors
  • Perform design security review
  • Design secure assembly architecture for component-based systems
  • Use security enhancing architecture and design tools
  • Use secure design principles and patterns

DOMAIN V

SECURE SOFTWARE TESTING

Know the standards for software quality assurance, and understand the concepts of functional and security testing, interoperability testing, bug tracking and testing of high priority code.

  • Develop security test cases
  • Develop security testing strategy and plan
  • Identify undocumented functionality
  • Interpret security implications of test results
  • Classify and track security errors
  • Secure test data
  • Develop or obtain security test data
  • Perform verification and validation testing

DOMAIN VI

SOFTWARE LIFECYCLE MANAGEMENT

Know the methods for determining completion criteria, risk acceptance and documentation (e.g., DRP and BCP), common criteria and methods of independent testing.

  • Secure configuration and version control
  • Establish security milestones
  • Choose a secure software methodology
  • Identify security standards and frameworks
  • Create security documentation
  • Develop security metrics
  • Decommission software
  • Report security status
  • Support governance, risk and compliance (GRC)

DOMAIN VII

SOFTWARE DEPLOYMENT, OPERATIONS, MAINTENANCE AND DISPOSAL

Know how to evaluate reports of vulnerabilities and release security advisories and updates when appropriate. Know how to conduct a post-mortem of reported vulnerabilities and take action as necessary, and be familiar with procedures and security measures when a product reaches its end of life.

  • Perform implementation risk analysis
  • Release software securely
  • Securely store and manage security data
  • Ensure secure installation
  • Perform post-deployment security testing
  • Obtain security approval to operate
  • Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
  • Support incident response
  • Support patch and vulnerability management
  • Support continuity of operations

DOMAIN VIII

SUPPLY CHAIN AND SOFTWARE ACQUISITION

Know how to establish a process for interacting with suppliers on issues such as vulnerability management, service level agreement (SLA) monitoring, and chain of custody throughout the source code development and maintenance lifecycle.

  • Analyze security of third party software
  • Verify pedigree and provenance
  • Provide security support to the acquisition process

Additional information

For more information, please take a look at our website: https://www.imfacademy.com/areasofexpertise/security_management/certified-secure-software-lifecycle-professional-csslp.php
