The best books to refer to for CSSLP
(ISC)2 provides a certification for IT professionals who are experts in software security and apply it within the development of the software itself. These certified professionals look into the core of software design and follow every step of software development so that the security features of the software do not leave any loophole for illegal activities. Building security in this way reduces the cost of implementing security at a later stage, allows the development path of the software to be adjusted to add further security, and reduces many vulnerabilities that would otherwise appear in the software. The CSSLP (Certified Secure Software Lifecycle Professional) certification covers these features.
CSSLP is best suited to professionals who are already working in software lifecycle development and have knowledge of security implementation in software. To certify yourself as a CSSLP, you must have 4 years of professional experience with the software development lifecycle. This requirement is reduced to 3 years if you hold a valid four-year college degree. To register for the exam, visit the Pearson VUE website at www.pearsonvue.com/isc2. The exam fee for this certification is USD 549.
The CSSLP exam consists of 175 multiple-choice questions to be answered in 4 hours. Like every other (ISC)2 exam, the passing score is 700 out of 1000. This score is calculated with a special algorithm developed by (ISC)2 to grade the difficulty of all questions equally.
The best book to prepare for this exam is the 'Official (ISC)2 Guide to the CSSLP, 2nd edition'. This textbook covers all the major domains on which the exam questions are based. The major domains are:
- Concepts of secure software
- Requirements of secure software
- Design of secure software
- Coding and implementation of secure software
- Testing of secure software
- Software acceptance
- Maintenance, deployment and operations of the software
- Software acquisition and supply chain
This book acts as the official guide for candidates. It contains a detailed overview of the steps to be followed when integrating security measures throughout the software lifecycle. The book uses various means to make its points, such as illustrations, tables and comparison charts.
(ISC)2 also provides a list of references to consult when preparing for the exam. Although they are not written for the examination, they give a clear picture of what is available and what to expect in software lifecycle management.
Some of the best resources pointed out by (ISC)2 are:
- What Developers and IT Professionals Should Know by Chess B
- The Process of Software Architecting by Eeles P
- Systems and Software Engineering -- Systems and Software Assurance
- Fundamental Practices for Secure Software Development by Simpson S
- Security Quality Requirements Engineering by Mead N
- Cryptography in the Database: The Last Line of Defense by Kenan K
- Reversing: Secrets of Reverse Engineering by Eilam E
- Software Performance and Scalability: A Quantitative Approach by Liu H
- Introduction to the Team Software Process by Humphrey
These books can provide deeper knowledge of software security. They are only additional references, and you must take care that the information they provide is correct. Always rely on the textbook / official guide, as it is considered the ideal preparation tool.
For CSSLP certification, one must opt for the training provided by (ISC)2. There are two types of training provided by (ISC)2. The first is instructor-led classroom training, conducted over 4 days with 8 hours of teaching each day. This method is best suited to candidates who have a short time to prepare. Tutors also provide hands-on experience for many of the modules. The second is live online training, spread over 7 weeks with two 2.5-hour sessions each week. This is the best option for candidates who have enough time to prepare.
Following the textbook and attending the training can make a difference in exam preparation. Proper time management and preparation can help you gain this certification easily.