Launched in 2008, the CSSLP certification is designed for programmers, project managers, IT analysts or engineers involved in the SDLC. The certification's curriculum focuses on application vulnerabilities, risk and compliance issues that arise during the application development lifecycle and is broken down into eight domains:
- Secure Software Concepts
- Secure Software Requirements
- Software Design
- Secure Software Implementation/Coding
- Secure Software Testing
- Software Acceptance, Software Deployment
- Operations, Maintenance and Disposal
- Supply Chain and Software Acquisition
CSSLP is intended to help candidates validate their expertise in application security, be able to better handle application vulnerabilities and demonstrate a working knowledge of application security.
In order to be considered for the CSSLP certification, candidates must have at least four years cumulative paid full-time work experience in at least one of the eight domains of the CSSLP. Alternatively, candidates can substitute a year of this work experience with a four-year college degree in a related field.
The CSSLP exam takes four hours to complete and consists of 175 multiple choice questions. Candidate need to achieve a minimum of 700 out of 1000 points to pass the exam and gain the certification.