ISHPI – Official Site

Certified Secure Software Lifecycle Professional

Rise to the Challenge of Making Applications Safer

Too often there’s a “patch approach” to keeping software and applications safe — but not on your watch. You make sure security isn’t an after-thought.

Prove you’re an expert with the CSSLP: a global software security certification that recognizes those who have leading application security skills.

As a CSSLP, you have an internationally-recognized ability to incorporate security practices — authentication, authorization and auditing — into each phase of the software development lifecycle (SDLC). The CSSLP shows you can:

  • Develop an application security program in your organization
  • Reduce production costs, source code vulnerabilities and delivery delays.
  • Enhance the credibility of your organization and your team.
  • Reduce losses due to insecure software breaches.

Make a difference in your career starting today. Get your CSSLP.

Get To Know The CSSLP

Get the Needed Experience

To qualify for the CSSLP, you must have:

  • A minimum of four years of cumulative, paid, full-time Software Development Lifecycle (SDLC) professional experience
  • In one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK)

A candidate is required to have a minimum of four years of cumulative paid full-time Software Development Lifecycle (SDLC) professional work experience in one or more of the eight domains of the (ISC)²® CSSLP CBK, or three years of cumulative paid full-time SDLC professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year degree leading to a Baccalaureate, or regional equivalent in Computer Science, Information Technology (IT) or related fields. Don’t have the required work experience yet? You can take and pass the CSSLP exam to earn an Associate of (ISC)² designation. Then, you’ll have up to five years to earn your required work experience for the CSSLP.

Create an Account at Pearson VUE and Schedule Your Exam

To schedule an exam, you must create an account at Pearson VUE. Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website. Once you’ve set up your account and are ready to register, you’ll need to:

Pass the Exam

This is the day to show your greatness! You’ll have four hours to complete the 175 exam questions. You must pass the exam with a scaled score of 700 points or greater. Want more details? Read our exam scoring FAQs.

Subscribe to the (ISC)² Code of Ethics and Get Endorsed

Let’s say you pass the exam. Then what? Before this software security certification can be awarded, you have to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience. (ISC)² can endorse you if you can’t find a certified individual. You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified. Want to learn more? Read the endorsement assistance guidelines.

Here are just a few reasons to earn your CSSLP certification:

  • Instant credibility. The CSSLP proves you’re a subject matter expert in application security. It shows you have desirable skills for employers around the world, giving you more opportunities.
  • Increased compensation. While pay practices vary by employer, many CSSLPs find that this software security certification can lead to pay gains and “skill premiums.”
  • Relevant, new knowledge. Earning the CSSLP is a great way to expand your security knowledge, in addition to affirming your expertise. It offers continuing education, so you can keep your skills current and relevant.
  • Versatile skills. The CSSLP isn’t product specific, so you can easily apply your skills to different technologies and methodologies.
  • A broader perspective. As a CSSLP, you have a holistic understanding of best practices, policies and procedures throughout the software development life cycle. And you have the skills to advise others on how to build secure software. This expertise can set you up for new jobs and opportunities.
  • Better protect your organization. You make software safer. You make the world safer. Simple as that. As a CSSLP, you have the power to protect your organization — and all the people counting on it to keep their sensitive data safe.
What the Industry Is Saying About the CSSLP

The CCSP is ANSI-Accredited

The CSSLP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website for details.

When it comes to software security certifications, we know you have choices. The CSSLP is the right choice for you if you:

  • Are involved in any phase of the software development lifecycle (SDLC), and you’re responsible for application security practices.
  • Want to show initiative. You’re always looking for new ways to challenge yourself and create safer applications from desktop to cloud.
  • Want to stay on top of your craft. You need to stay current, so you can conquer new application vulnerabilities.
  • Would like to be seen as the subject matter expert on security vulnerabilities — such as with application stacks, single sign-on initiatives or webhook integrations.
  • Want to ensure that security is not an after-thought in software development.
  • Need to better engage your key stakeholders throughout application development.
  • Want to do your best to protect your organization and keep sensitive data safe.
The CSSLP is ideal for those working in roles such as:

  • Software Architect
  • Software Engineer
  • Software Developer
  • Application Security Specialist
  • Software Program Manager
  • Quality Assurance Tester
  • Penetration Tester
  • Software Procurement Analyst
  • Project Manager
  • Security Manager
  • IT Director/Manager

The exam outline is a free resource that details the major topics and subtopics within the domains that are covered on the CSSLP exam. Reviewing this outline will help you determine which topics you may feel less confident about and develop a study plan around those topics.

For a complete list of acronyms and terms you may encounter during your (ISC)² exam, reference the translated (ISC)² Certification Acronym and (ISC)² Certification Terms glossaries.

Prepare for your CSSLP exam through a combination of training courses and individual study. And learn from (ISC)² — the creator of the CSSLP CBK! Simply choose the best training format for your schedule, needs and learning style.

Classroom-Based Training
  • Ideal for hands-on learners. We offer the most thorough review of the CSSLP CBK, industry concepts and best practices.
  • Five-day training event delivered in a classroom setting. Eight hours a day.
  • Led by authorized instructors.

Get details on Classroom-Based Training.

Private On-Site Training

  • A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
  • Tailored to your team’s schedule, budget and certification requirements.
  • Conveniently taught in your office space or a local venue.
  • Led by authorized instructors.

Get details on Private On-Site Training.

CSSLP Training Course Overview

Our training helps you fully prepare for this cloud security certification. You will:

  • Review, refresh and expand your cloud security knowledge. (including information security concepts and industry best practices).
  • Identify areas you need to study for the CSSLP exam.

You can expect an in-depth review of the eight domains of the CSSLP CBK — including discussion of industry best practices and timely software security concepts. (ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK. Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

Self-Study Tools

In addition to training, (ISC)² offers resources to help you with self-study. Resources include:

Once you’ve earned this software security certification, you become a member of (ISC)². You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking. Quite simply, you have endless opportunities to grow and refine your craft. But certification is a privilege that must be earned and maintained. To remain in good standing with your CSSLP, you need to:

  • Abide by the (ISC)² Code of Ethics.
  • Earn and post Continuing Professional Education (CPE) credits.
  • Pay your Annual Maintenance Fee (AMF).

Here’s a closer look at each.

Abiding by the (ISC)² Code of Ethics

You agree to fully support and follow the (ISC)² Code of Ethics.

Earning and Posting CPE Credits

Software security is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise. Over the three-year CSSLP certification cycle, you must earn and post a minimum of 90 CPE credits. CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis.

(ISC)² offer access to:

  • Live educational events around the world.
  • Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
  • And many more learning opportunities.
Paying Annual Maintenance Fees (AMFs)

Once you earn this software security certification, you must pay USD$100 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date. Your payments help ensure that (ISC)2 has the financial resources to:

  • Be a functional, dynamic entity for leading information security and IT professionals (like you) far into the future.
  • Develop more CPE opportunities.
  • Continue to meet the certification needs and requirements of information security professionals.
  • Maintain member records.
How to Regain Membership if Your CSSLP Ceases

If you wish to regain membership, you’ll need to:

  • Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
  • Retake and pass the exam to become certified again.
  • Contact Member Services to reactivate your certification after you pass the exam.

Do you have questions about maintaining your CCSP certification? Ask Member Services.

What Certification Do You Want To Learn About Next?