SC205: ISC2™ CSSLP Preparation

Security - Software Development - Certifications

Software developers and security professionals learn best practices for all phases of the Software Development Lifecycle (SDLC)—from design to implementation, testing, and deployment. The course specifically prepares for the CSSLP certification by ISC2™ and covers the full scope of the Common Body of Knowledge (CBK®), providing practical and comprehensive security expertise.

Presence training Presence training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-02-09 | 10:00 am

End: 2026-02-13 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-05-18 | 10:00 am

End: 2026-05-22 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-09-14 | 10:00 am

End: 2026-09-18 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-11-23 | 10:00 am

End: 2026-11-27 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Presence training Presence training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-02-09 | 10:00 am

End: 2026-02-13 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-05-18 | 10:00 am

End: 2026-05-22 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-09-14 | 10:00 am

End: 2026-09-18 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Hybrid training Hybrid training

Start: 2026-11-23 | 10:00 am

End: 2026-11-27 | 04:00 pm

Location: Nürnberg

Price: 3.450,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • Domain 1: Secure software concepts
    • 1.1 Understand core concepts
    • 1.2 Understand security design principles

  • Domain 2: Secure software lifecycle management
    • 2.1 Manage security within a software development methodology (e.g., agile, waterfall)
    • 2.2 Identify and adopt security standards (e.g., implementing security frameworks, promoting security awareness)
    • 2.3 Outline strategy and roadmap
    • 2.4 Define and develop security documentation
    • 2.5 Define security metrics (e.g., criticality level, average remediation time, complexity, Key Performance Indicators (KPI), objectives and key results
    • 2.6 Decommission applications
    • 2.7 Create security reporting mechanisms (e.g., reports, dashboards, feedback loops)
    • 2.8 Incorporate integrated risk management methods
    • 2.9 Implement secure operation practices

  • Domain 3: Secure software requirements
    • 3.1 Define software security requirements
    • 3.2 Identify compliance requirements
    • 3.3 Identify data classification requirements
    • 3.4 Identify privacy requirements
    • 3.5 Define data access provisioning
    • 3.6 Develop misuse and abuse cases
    • 3.7 Develop security requirement traceability matrix
    • 3.8 Define third-party vendor security requirements

  • Domain 4: Secure software architecture and design
    • 4.1 Define the security architecture
    • 4.2 Perform secure interface design
    • 4.3 Evaluate and select reusable technologies
    • 4.4 Perform threat modeling
    • 4.5 Perform architectural risk assessment and design reviews
    • 4.6 Model (non-functional) security properties and constraints
    • 4.7 Define secure operational architecture (e.g., deployment topology, operational interfaces, Continuous Integration and Continuou Delivery (CI/CD))

  • Domain 5: Secure software implementation
    • 5.1 Adhere to relevant secure coding practices (e.g., standards, guidelines, regulations)
    • 5.2 Analyze code for security risks
    • 5.3 Implement security controls (e.g., watchdogs, file integrity monitoring, anti-malware)
    • 5.4 Address the identified security risks (e.g., risk strategy)
    • 5.5 Evaluate and integrate components
    • 5.6 Apply security during the build process

  • Domain 6: Secure software testing
    • 6.1 Develop security testing strategy & plan
    • 6.2 Develop security test cases
    • 6.3 Verify and validate documentation (e.g., installation and setup instructions, error messages, user guides, release notes)
    • 6.4 Identify undocumented functionality
    • 6.5 Analyze security implications of test results (e.g., impact on product management, prioritization, break/build criteria)
    • 6.6 Classify and track security errors
    • 6.7 Secure test data
    • 6.8 Perform verification and validation testing (e.g., independent/internal verification and validation, acceptance test)

  • Domain 7: Secure software deployment, operations, maintenance
    • 7.1 Perform operational risk analysis
    • 7.2 Secure configuration and version control
    • 7.3 Release software securely
    • 7.4 Store and manage security data
    • 7.5 Ensure secure installation
    • 7.6 Obtain security approval to operate (e.g., risk acceptance, sign-off at appropriate level)
    • 7.7 Perform information security continuous monitoring
    • 7.8 Execute the incident response plan
    • 7.9 Perform patch management (e.g. secure release, testing)
    • 7.10 Perform vulnerability management (e.g., tracking, triaging, Common Vulnerabilities and Exposures (CVE))
    • 7.11 Incorporate runtime protection (e.g., runtime application self protection (RASP), web application firewall (WAF), address space layout randomization (ASLR), dynamic execution prevention)
    • 7.12 Support continuity of operations
    • 7.13 Integrate service level objectives and service-level agreements (SLA) (e.g., maintenance, performance, availability, qualified personnel)

  • Domain 8: Secure Software Supply Chain
    • 8.1 Implement software supply chain risk management (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST)
    • 8.2 Analyze security of third-party software
    • 8.3 Verify pedigree and provenance
    • 8.4 Ensure and verify supplier security requirements in the acquisition process
    • 8.5 Support contractual requirements (e.g., intellectual property ownership, code escrow, liability, warranty, End-User License Agreement (EULA), service-level agreements (SLA))

Objectives:

The objective of the course SC205 ISC2™ CSSLP Preparation is to provide you with a comprehensive understanding of security-critical aspects throughout the software development lifecycle. You will learn how to integrate security from the outset into the software development process, thereby ensuring the development of secure applications.

Target audience:

The course SC205 ISC2™ CSSLP Preparation is aimed at:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager

Prerequisites:

To effectively follow the pace and content of the course SC205 ISC2™ CSSLP Preparation and to qualify for certification, you must meet at least the following prerequisites:

  • At least four years of professional experience in the field of SDLC
  • Experience in one or more of the eight domains of the ISC2™ CSSLP Guide or three years of professional experience in one or more of the eight domains of the CSSLP Guide
  • Degree in Computer Science, Information Technology (IT), or related fields

Description:

The course SC205 ISC2™ CSSLP Preparation is ideal for software developers and security experts responsible for applying best practices in every phase of the SDLC - from software design and implementation to testing and deployment.
Simultaneously, they will be prepared for the ISC2™ CSSLP certification exam.
The broad range of topics in the Common Body of Knowledge (CBK®) of the CSSLP ensures the course's relevance for all disciplines of information security.

Other Info:

Course Language:
The course is conducted in German with English slides and can be offered in English if required.

Examination:
With the introduction of the new CBK, the examination has been switched to online exams at recognized Pearson VUE centers located in Hamburg, Berlin, Frankfurt, Düsseldorf, Munich, Leinfelden-Echterdingen. The exam must always be taken and paid for separately at a Pearson VUE Test Center and can be registered flexibly via the Pearson VUE homepage. The exam consists of 125 multiple-choice questions, which must be completed in a maximum of 3 hours. The exam is considered passed with a score of 700 out of 1000 points and is conducted in English. The entire procedure is explained in detail by the instructor during the training.

If a participant does not successfully pass the exam, we offer a free retake of the preparation course, provided it occurs within one year of the original course attendance. Please note that the costs for retake exams, travel, accommodation, and any potentially licensed training materials are not included.
check-icon

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

3.450,00 € plus VAT.

(including lunch & drinks)

Exam:

The examination fee is not included in the price. However, it can be booked at PearsonVue.

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.