Get Started on CSSLP

CSSLP CBK
CSSLP Exam Outline and AIO that I used before.

ISC2 Official Resources

  1. CSSLP – Certified Secure Software Lifecycle Professional (ISC2 Official Certification Web Page)
  2. *CSSLP Certification Exam Outline (Effective September 15, 2023)
  3. CSSLP Study Tools and Resources
  4. *CBK Suggested References

Recommended Resources

  1. CSSLP Certification Exam Outline (Effective September 15, 2023)
  2. Official (ISC)² Guide to the CSSLP CBK, 2nd Edition (2013)
  3. CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, 3rd Edition (2022)

CBK Suggested References

  1. A Guide to Building Secure Web Applications and Web Services 2.0 Black Hat Ed. by Abraham Kang, Adrian Wiesmann, et al. Publisher: OWASP. (Jul, 2005).
  2. A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security by Will Arthur, David Challener. Publisher: Apress. (Jan, 2015).
  3. Access Control, Authentication, and Public Key Infrastructure, 2nd Ed. by Mike Chapple, Bill Ballad, Tricia Ballad, Erin Banks. Publisher: Jones & Bartlett Learning. (Jul, 2013).
  4. Agile Application Security by Laura Bell, Rich Smith, Michael Brunton-Spall, Jim Bird. Publisher: O’Reilly Media, Inc. (Jun, 2017).
  5. Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Ed. by Bruce Schneier. Publisher: Wiley. (Mar, 2015).
  6. CMMI for Development: Implementation Guide by Mukund Chaudhary, Abhishek Chopra. Publisher: Apress. (Dec, 2016).
  7. Computer Security: Art and Science, 2nd Ed. by Matt Bishop. Publisher: Addison-Wesley Professional. (Nov, 2018).
  8. Core Software Security: Security at the Source by Anmol Misra, James F. Ransome. Publisher: Auerbach Publications. (Oct, 2018).
  9. Cybersecurity – Attack and Defense Strategies, 2nd Ed. by Erdal Ozkaya and Yuri Diogenes. Publisher: Packt Publishing. (Dec, 2019).
  10. Enterprise Software Security: A Confluence of Disciplines by Kenneth R. van Wyk, Mark G. Graff, Dan S. Peters, Diana L. Burley. Publisher: Addison-Wesley Professional. (Dec, 2014).
  11. Hacker Techniques, Tools, and Incident Handling, 2nd Ed. by Sean-Philip Oriyano. Publisher: Jones & Bartlett Learning. (Aug, 2013).
  12. Hands-On Security in DevOps by Tony Hsu. Publisher: Packt Publishing. (Jul, 2018).
  13. Improper Error Handling by Jeremy Ferragamo, Wichers, Jim Bird. Publisher: OWASP. (Dec, 2021).
  14. Information Security: Principles and Practices, 2nd Ed. by Mark S. Merkow, Jim Breithaupt. Publisher: Pearson IT Certification. (Jun, 2014).
  15. IT Release Management: A Hands-on Guide by Dave Howard. Publisher: CRC Press. (Apr, 2016).
  16. IT Security Risk Control Management: An Audit Preparation Plan by Raymond Pompon. Publisher: Apress. (Sep, 2016).
  17. Lessons Learned in Software Testing: A Context-Driven Approach by Bret Pettichord, Cem Kaner, James Marcus Bach. Publisher: Wiley. (Dec, 2001).
  18. Logging and Log Management by A. Chuvakin, K. Schmidt. Publisher: Syngress. (Dec, 2012).
  19. Mastering the Requirements Process: Getting Requirements Right v3.0 by S. Robertson, J. Robertson. Publisher: Addison-Wesley Professional. (Aug, 2012).
  20. NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
  21. NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
  22. NIST SP 800-60, Vol. 1, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories by Kevin Stine, Rich Kissel, William C. Barker, Jim Fahlsing, Jessica Gulick. (Aug, 2008).
  23. NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).
  24. NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems by Jon Boyens, Celia Paulsen, Nadya Bartol, Stephany A. Shankles, Rama Moorthy. (Oct, 2012).
  25. Official (ISC)² Guide to the CSSLP, 2nd Ed. by Mano Paul. Publisher: Auerbach Publications. (Aug, 2013).
  26. OWASP Testing Guide, Release 4.0 by Matteo Meucci, Andrew Muller. Publisher: OWASP. (Dec, 2014).
  27. Penetration Testing: A Survival Guide by W. Halton, B. Weaver, J. Ansari, S. Kotipalli, M. Imran. Publisher: Packt Publishing. (Jan, 2017).
  28. Security Risk Management by Evan Wheeler. Publisher: Syngress. (Apr, 2011).
  29. Software Testing Foundations: A Study Guide for the Certified Tester Exam, 4th Ed. by Andreas Spillner. Publisher: Rocky Nook. (Feb, 2014).
  30. Web Application Firewalls by Chad Russell. Publisher: O’Reilly Media, Inc. (Apr, 2018).
