Top of Page

Certified Secure Software Lifecycle Professional


Rise to the Challenge of Making Applications Safer

Too often there’s a “patch approach” to keeping software and applications safe — but not on your watch. You make sure security isn’t an after-thought.

Prove you’re an expert with the CSSLP: a global software security certification that recognizes those who have leading application security skills.

As a CSSLP, you have an internationally-recognized ability to incorporate security practices — authentication, authorization and auditing — into each phase of the software development lifecycle (SDLC). The CSSLP shows you can:

  • Develop an application security program in your organization
  • Reduce production costs, source code vulnerabilities and delivery delays.
  • Enhance the credibility of your organization and your team.
  • Reduce losses due to insecure software breaches.
Make a difference in your career starting today. Get your CSSLP.

Steps to Certification

  1. Step 1
  2. Step 2
  3. Step 3
  4. Step 4

Get the Needed Experience

To qualify for the CSSLP, you must have:

  • A minimum of four years of cumulative, paid, full-time Software Development Lifecycle (SDLC) professional experience
  • In one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK)

Earning a four-year college degree or regional equivalent will satisfy one year of the required experience. Education credit will only satisfy one year of experience.

Don’t have the required work experience yet? You can take and pass the CSSLP exam to earn an Associate of (ISC)² designation. Then, you’ll have up to five years to earn your required work experience for the CSSLP.

Create an Account at Pearson VUE and Schedule Your Exam

To schedule an exam, you must create an account at Pearson VUE.

Pearson VUE is the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Once you’ve set up your account and are ready to register, you’ll need to:

Pass the Exam

This is the day to show your greatness! You’ll have four hours to complete the 175 exam questions.

You must pass the exam with a scaled score of 700 points or greater.

Want more details? Read our exam scoring FAQs.

Subscribe to the (ISC)² Code of Ethics and Get Endorsed

Let’s say you pass the exam. Then what?

Before this software security certification can be awarded, you have to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have your application endorsed.

Your endorsement form must be completed and signed by an (ISC)² certified professional. He or she needs to be an active member who can confirm your professional experience.

(ISC)² can endorse you if you can’t find a certified individual.

You have nine months from the date of the exam to complete these steps. If you don’t, you have to retake the exam to get certified.

Want to learn more? Read our endorsement assistance guidelines.

Get to Know the CSSLP

  • Why Become a CSSLP Why Become a CSSLP

    Here are just a few reasons to earn your CSSLP certification:

    • Instant credibility. The CSSLP proves you’re a subject matter expert in application security. It shows you have desirable skills for employers around the world, giving you more opportunities.
    • Increased compensation. While pay practices vary by employer, many CSSLPs find that this software security certification can lead to pay gains and “skill premiums.”
    • Relevant, new knowledge. Earning the CSSLP is a great way to expand your security knowledge, in addition to affirming your expertise. It offers continuing education, so you can keep your skills current and relevant.
    • Versatile skills. The CSSLP isn’t product specific, so you can easily apply your skills to different technologies and methodologies.
    • A broader perspective. As a CSSLP, you have a holistic understanding of best practices, policies and procedures throughout the software development life cycle. And you have the skills to advise others on how to build secure software. This expertise can set you up for new jobs and opportunities.
    • Better protect your organization. You make software safer. You make the world safer. Simple as that. As a CSSLP, you have the power to protect your organization — and all the people counting on it to keep their sensitive data safe.

    What the Industry Is Saying About the CSSLP

    The CSSLP certification is accredited by the American National Standards Institute (ANSI). This means it complies with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website for details.

  • Should You Pursue the CSSLP? Should You Pursue the CSSLP?

    When it comes to software security certifications, we know you have choices. The CSSLP is the right choice for you if you:

    • Are involved in any phase of the software development lifecycle (SDLC), and you’re responsible for application security practices.
    • Want to show initiative. You’re always looking for new ways to challenge yourself and create safer applications from desktop to cloud.
    • Want to stay on top of your craft. You need to stay current, so you can conquer new application vulnerabilities.
    • Would like to be seen as the subject matter expert on security vulnerabilities — such as with application stacks, single sign-on initiatives or webhook integrations.
    • Want to ensure that security is not an after-thought in software development.
    • Need to better engage your key stakeholders throughout application development.
    • Want to do your best to protect your organization and keep sensitive data safe.

    The CSSLP is ideal for those working in roles such as:

    • Software Architect
    • Software Engineer
    • Software Developer
    • Application Security Specialist
    • Software Program Manager
    • Quality Assurance Tester
    • Penetration Tester
    • Software Procurement Analyst
    • Project Manager
    • Security Manager
    • IT Director/Manager

  • Get the CSSLP Exam Outline Get the CSSLP Exam Outline
    The exam outline is a free resource that details the major topics and subtopics within the domains that are covered on the CSSLP exam. Reviewing this outline will help you determine which topics you may feel less confident about and develop a study plan around those topics.

    CSSLP Exam Outline
  • Getting CSSLP Training That’s Right for You Getting CSSLP Training That’s Right for You

    Prepare for your CSSLP exam through a combination of training courses and individual study. And learn from (ISC)² — the creator of the CSSLP CBK!

    Simply choose the best training format for your schedule, needs and learning style.


    Classroom-Based Training

    • Ideal for hands-on learners. We offer the most thorough review of the CSSLP CBK, industry concepts and best practices.
    • Five-day training events delivered in a classroom setting. Eight hours a day.
    • Available at (ISC)² facilities and through (ISC)² Official Training Providers worldwide.
    • Led by authorized instructors.

    Get details on Classroom-Based Training.


    Private On-Site Training

    • A cost-effective and convenient training solution if your organization has 10 or more employees taking the exam.
    • Tailored to your team’s schedule, budget and certification requirements.
    • Conveniently taught in your office space or a local venue.
    • Led by authorized instructors

    Get details on Private On-Site Training.


    Instructor-Led Training

    • Participate from the convenience of your computer. This saves you travel time and expense.
    • Weekday, weekend and evening options to fit your needs.
    • Comprehensive review of the CBK, so you’re ready for this cybersecurity certification.
    • Delivered in a variety of schedules with weekday, weekend, and evening options to suit your needs.
    • Access to recordings of all course sessions for 60 days.
    • Led by authorized instructors.

    Get details on Instructor-Led Seminars. >

    CSSLP Training Course Overview

    Our training helps you fully prepare for this software security certification. You will:

    • Review and refresh your information security knowledge (including information security concepts and industry best practices).
    • Identify areas you need to study for the CSSLP exam.

    You can expect an in-depth review of the eight domains of the CSSLP CBK — including discussion of industry best practices and timely software security concepts.

    (ISC)² authorized instructors lead all our training. You’re learning from industry experts who understand you. They know how to make the content highly relatable. And they go through a rigorous process to teach to our CBK.

    Plus, we use proven adult learning techniques to reinforce topics. This approach increases how much information you retain. Our techniques are highly interactive. They focus on real-world learning activities and scenarios, so you get the most out of training.

    Self-Study Tools

    In addition to training, we offer resources to help you with self-study. Our resources include the: 

  • Taking Your CSSLP Exam Taking Your CSSLP Exam
    Length of exam Up to 4 Hours
    Number of questions    175 Questions
    Question format Multiple Choice
    Passing grade A passing score is 700 out of 1000 points
    Exam Languages English
    Testing Center Pearson Vue Testing Center


    Ready to sign up for the exam? Visit the Pearson VUE website to create an account and book your exam.

  • Maintaining or Regaining CSSLP Certification Maintaining or Regaining CSSLP Certification

    Maintaining or Regaining Your CSSLP Certification

    Once you’ve earned this software security certification, you become a member of (ISC)². You enter one of the largest communities of information security professionals in the world. You gain access to unparalleled global resources and networking.

    Quite simply, you have endless opportunities to grow and refine your craft.

    But certification is a privilege that must be earned and maintained.

    To remain in good standing with your CSSLP, you need to:

    • Abide by the (ISC)² Code of Ethics.
    • Earn and post Continuing Professional Education (CPE) credits.
    • Pay your Annual Maintenance Fee (AMF).

    Here’s a closer look at each.

    Abiding by the (ISC)² Code of Ethics
    You agree to fully support and follow the (ISC)² Code of Ethics.

    Earning and Posting CPE Credits
    Software security is constantly changing. (You know this well!) You need to earn CPE hours to stay well-rounded and keep up your expertise.

    For the CSSLP, you need to earn and post a minimum of 30 CPE credits per year. You need to do so before your certification annual anniversary date.

    CPEs may sound like a big task. However, (ISC)² makes it easy for you to earn your CPE credits on a regular basis.

    We offer access to:

    • Live educational events around the world.
    • Online seminars that can be taken in the comfort of your home or office. They’re available exclusively to (ISC)² members.
    • And many more learning opportunities.

    Paying Annual Maintenance Fees (AMFs)
    Once you earn this software security certification, you must pay USD$100 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date.

    Your payments help ensure that (ISC)² has the financial resources to:

    • Be a functional, dynamic entity for leading information security professionals (like you) far into the future.
    • Develop more CPE opportunities.
    • Continue to meet the certification needs and requirements of information security professionals.
    • Maintain member records.

    How to Regain Membership if Your CSSLP Ceases
    If you wish to regain membership, you’ll need to:

    • Pay any outstanding AMF payments. (This needs to take place before you sit for the exam.)
    • Retake and pass the exam to become certified again.
    • Contact Member Services to reactivate your certification after you pass the exam.

    Do you have questions about maintaining your CSSLP certification? Ask Member Services.

Free CSSLP Ultimate Guide

Show Them You’re the AppSec Guru

Download Your Free CSSLP Ultimate Guide