International Management Forum

Certified Secure Software Lifecycle Professional (CSSLP)

Career profile: where do you work and what do you do?

As a Certified Secure Software Lifecycle Professional (CSSLP), you have a holistic understanding of security best practices, policies and procedures throughout all phases of the software development lifecycle. You can develop secure applications that are resilient to attacks and that meet all requirements for compliance, quality, functionality and assurance. Naturally, you can also act as an advisor to others in developing secure software.

Course content

DOMAIN I
SECURE SOFTWARE CONCEPTS
Understand secure software concepts, methodologies, and implementation within centralized and decentralized environments across the enterprise's computer systems.
Core concepts
Security design principles

DOMAIN II
SECURE SOFTWARE REQUIREMENTS
Understand the security requirements in the requirements gathering phase of the Secure Software Development Lifecycle (SDLC)
Identify internal and external security requirements
Interpret data classification requirements
Identify privacy requirements
Develop misuse and abuse cases
Include security in software requirement specifications
Develop security requirement traceability matrix

DOMAIN III
SECURE SOFTWARE DESIGN
Understand the techniques of performing attack surface analysis and conducting threat modeling, as well as being able to identify and review the countermeasures that mitigate risk.
Perform threat modeling
Define the security architecture
Performing secure interface design
Performing architectural risk assessment
Modeling (non-functional) security properties and constraints
Model and classify data
Evaluate and select reusable secure design
Perform design security review
Design secure assembly architecture for component-based systems
Use security enhancing architecture and design tools
Use secure design principles and patterns

DOMAIN IV
SECURE SOFTWARE IMPLEMENTATION/PROGRAMMING
Learn about unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation.
Follow secure coding practices
Analyze code for security vulnerabilities
Implement security controls
Fix security vulnerabilities
Look for malicious code
Securely reuse third party code/libraries
Securely integrate components
Apply security during the build process
Debug security errors
Perform design security review
Design secure assembly architecture for component-based systems
Use security enhancing architecture and design tools
Use secure design principles and patterns

DOMAIN V
SECURE SOFTWARE TESTING
Know the standards for software quality assurance, and understand the concepts of functional and security testing, interoperability testing, bug tracking and testing of high priority code.
Develop security test cases
Develop security testing strategy and plan
Identify undocumented functionality
Interpret security implications of test results
Classify and track security errors
Secure test data
Develop/obtain security test data
Perform verification and validation testing

DOMAIN VI
SOFTWARE LIFECYCLE MANAGEMENT
Know the methods for determining completion criteria, risk acceptance and documentation (e.g., DRP and BCP), common criteria and methods of independent testing.
Secure configuration and version control
Establish security milestones
Choose a secure software methodology
Identify security standards and frameworks
Create security documentation
Develop security metrics
Decommission software
Report security status
Support governance, risk and compliance (GRC)

DOMAIN VII
SOFTWARE DEPLOYMENT, OPERATIONS, MAINTENANCE AND DISPOSAL
Know how to evaluate reports of vulnerabilities and release security advisories and updates when appropriate. Know how to conduct a post-mortem of reported vulnerabilities and take action as necessary, be familiar with procedures and security measures when a product reaches its end of life.
Perform implementation risk analysis
Release software securely
Securely store and manage security data
Ensure secure installation
Perform post-deployment security testing
Obtain security approval to operate
Perform security monitoring (e.g., managing error logs, audits, meeting SLAs, CIA metrics)
Support incident response
Support patch and vulnerability management
Support continuity of operations

DOMAIN VIII
SUPPLY CHAIN AND SOFTWARE ACQUISITION
Know how to establish a process for interacting with suppliers on issues such as vulnerability management, service level agreement (SLA) monitoring, and chain of custody throughout the source code development and maintenance lifecycle.
Analyze security of third party software
Verify pedigree and provenance
Provide security support to the acquisition process

Course duration

5 days

Costs

The cost of the 5-day Certified Secure Software Lifecycle Professional (CSSLP) training is 3.500,- (excl. VAT) per person. This amount includes all lunches, coffee/tea and the training material. The CSSLP exam is not included. The registration fee for the exam is approximately 550,- (excl. VAT) per person.
