CSSLP: Secure Software Design

This course is included in our On-demand training solution.


Security practices must be integrated in every aspect of software design. In this course, you’ll explore secure software design processes such as attack surface evaluation, threat modeling, control identification, and prioritization. You’ll also be introduced to specific design considerations to keep in mind like addressing core security concepts and interconnectivity. Finally, this course covers best practices for securing commonly used architecture and technologies like virtualization, database, and the programming language environment. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

Target Audience

Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam



Expected Duration

150 min.

Course Objectives

Course Introduction

Attack Surface Evaluation

  • measure and minimize attack surface

Threat Modeling and Documentation

  • recognize threat modeling techniques and the purpose of documentation

Control Identification and Prioritization

  • identify characteristics of control identification and prioritization

Design and Architecture Technical Review

  • identify characteristics of design and architecture technical review

Risk Assessment for Code Reuse

  • identify characteristics of risk assessment for code reuse

Applicable Methods to Address Core Security Concepts

  • distinguish between applicable methods to address core security concepts

Security Design Principles

  • recognize security design principle best practices

Interconnectivity

  • distinguish between interconnectivity activities best practices

Interfaces

  • identify interfaces best practices

Distributed Computing

  • distinguish between the different architectural forms and supporting elements of secured distributed computing

Service-oriented Architecture

  • recognize best practices for securing service-oriented architecture

Rich Internet Applications

  • recognize best practices for securing rich Internet applications

Pervasive and Ubiquitous Computing

  • recognize best practices for securing pervasive and ubiquitous computing

Integrating with Existing Architectures

  • recognize best security practices when integrating with existing architectures

Cloud Architectures

  • recognize best practices for securing cloud architectures

Mobile Applications

  • recognize best practices for securing mobile applications

Authentication and Identity Management

  • distinguish between characteristics of authentication and identity management

Credential Management

  • recognize characteristics of credential management

Flow Control

  • distinguish between flow control methods

Logging

  • recognize characteristics of logging

Data Loss Prevention

  • recognize characteristics of data loss prevention

Virtualization

  • identify benefits of virtualization in secure software design

Digital Rights Management

  • recognize types of Rights Expression Language or REL in Digital Rights Management or DRM

Trusted Computing

  • recognize characteristics of trusted computing

Database Security

  • distinguish between database security techniques

Programming Language Environment

  • distinguish between compilers, interpreters, and hybrid source codes

Operating Systems

  • recognize characteristics of operating systems

Embedded Systems

  • distinguish between control systems and firmware

Exercise: Selecting Appropriate Security Methods