Earning the globally recognized CSSLP secure software development certification is a proven way to build your career and better incorporate security practices into each phase of the software development lifecycle (SDLC).
CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at ISC2.
Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey.
Shows software development and security professionals have the expertise to apply best practices throughout the secure software development lifecycle.
Domain 1. Secure Software Concepts
Domain 2. Secure Software Lifecycle Management
Domain 3. Secure Software Requirements
Domain 4. Secure Software Architecture and Design
Domain 5. Secure Software Implementation
Domain 6. Secure Software Testing
Domain 7. Secure Software Deployment, Operations, Maintenance
Domain 8. Secure Software Supply Chain
The CSSLP is ideal for software development and security professionals responsible for applying best practices to each phase of the SDLC – from software design and implementation to testing and deployment – including those in the following positions:
Software Architect
Software Engineer
Software Developer
Application Security Specialist
Software Program Manager
Quality Assurance Tester
Penetration Tester
Software Procurement Analyst
Project Manager
Security Manager
IT Director/Manager
The CSSLP exam evaluates your expertise across eight security domains. Think of the domains as topics you need to master based on your professional experience and education.
To qualify for this certification, you must pass the exam and have at least four years of cumulative, paid work experience as a software development lifecycle professional in one or more of the eight domains of the ISC2 CSSLP Exam Outline.
Learn more about CSSLP Experience Requirements and how a relevant four-year degree can satisfy one year of required experience.
Don’t have enough experience yet? You can still pass the CSSLP exam and become an Associate of ISC2 while you earn the required work experience.
With self-paced or Online Instructor-Led and Classroom training, ISC2 has a training option to fit your schedule and learning style. Trainings, seminars, courseware and self-study aids from ISC2 or one of our many Official Training Providers help you get ready for the rigorous CSSLP exam by reviewing relevant domains and topics.
A candidate is required to have a minimum of four years of cumulative paid Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the ISC2 CSSLP CBK, or three years of cumulative paid SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology (IT) or related fields.
If you don’t have the required experience to become a CSSLP, you may become an Associate of ISC2 by successfully passing the CSSLP examination. You will then have five years to earn the four years of required experience. You can learn more about CSSLP experience requirements and how to account for part-time work and internships at www.isc2.org/Certifications/CSSLP/CSSLP-Experience-Requirements.
CSSLP meets the stringent requirements of ANSI/ISO/IEC Standard 17024.
ISC2 has an obligation to its membership to maintain the relevancy of the CSSLP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by CSSLP credential holders. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.
Length of exam: 3 hours
Number of items: 125
Item format: Multiple choice
Passing grade: 700 out of 1000 points
Language availability: English
Testing center: Pearson VUE Testing Center
Domains: Average Weight
1. Secure Software Concepts: 12%
2. Secure Software Lifecycle Management: 11%
3. Secure Software Requirements: 13%
4. Secure Software Architecture and Design: 15%
5. Secure Software Implementation: 14%
6. Secure Software Testing: 14%
7. Secure Software Deployment, Operations, Maintenance: 11%
8. Secure Software Supply Chain: 10%
Total: 100%
Studying on your own or looking for a supplement to your seminar courseware? Check out our official self-study tools:
Official textbooks: What you need to know to be successful and review relevant domains.
Official study guides: Strengthen your knowledge in a specific domain and get in more exam practice time.
Official practice tests: Take full practice tests.
Once you receive notification that you have successfully passed the exam, you can start the online certification application process. This process attests that your assertions regarding professional experience are true and that you are in good standing within the cybersecurity industry. It also contains the agreements to abide by the ISC2 Code of Ethics and privacy policy.
All information security professionals who are certified by ISC2 recognize that such certification is a privilege that must be both earned and maintained. All ISC2 members are required to commit to fully support the ISC2 Code of Ethics Canons:
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.