(ISC)² ® CSSLP Domain 5: Secure Software Testing (14%)

Domain 5: Secure Software Testing (14%) During the software development process, vulnerabilities are discovered through software testing. This CSSLP domain accounts for 14% of the exam weightage, which comprehends how to develop security test cases, methodologies, and security testing plans. It also covers how to check and verify documentation (e.g., installation and setup instructions, problem warnings, user guides, and release notes), how to discover undocumented functionality, and how to analyze the security implications of test results (e.g., impact on product management, prioritization, and break build criteria). The candidate is required to be knowledgeable about the following topics in this domain: Develop security test cases Develop a security testing strategy and plan Verify and validate the documentation Identify undocumented functionality Analyze security implications of test results Classify and track security errors Secure test data Perform verification and validation testing