This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP AppSec DC 2012/Training/Certified Secure Software Lifecycle Professional (CSSLP) Clinic

Revision as of 04:21, 19 March 2012 by Dallendoug (talk | contribs) (changed course length to 4 hours.)

Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center |


Date: April 3rd 2012

'Course Length: 4 Hour

Educate yourself in Secure Software Design and Development which are two of the seven domains from the Certified Secure Software Lifecycle Professional (CSSLP) certification. This session will provide an in-depth education of these two tough domains of the CSSLP. We will cover the skills and knowledge needed to design and develop secure code. In the Secure Software Design domain, you will learn the fundamentals of design principles when applied will save costly rework. In the Secure Software Development domain, we will discuss the OWASP Top 10 threats and how to mitigate them effectively.

The Certified Secure Software Lifecycle Professional (CSSLP) is an (ISC)2 certification with 7 domains focusing on the topics needed to develop hacker resilient software. CSSLPs are professionals who have validated their competency in incorporating security into each phase of the software lifecycle.


E.J. Jones; Boeing

EJ Jones is a Technical Fellow in Information Security. He is recognized industry wide as an expert in software engineering and has over 20 years of experience in the software development and has developed large scale systems on many diverse platforms and languages. He has created Application Security teams and has hands on experience in every phase of the software security lifecycle and has created comprehensive security programs for software development.

EJ has also been leading technical teams in evaluating cloud hosting security controls for applications. He teaches all aspects of software development and a certified CSSLP instructor. He was one of the first developers in the nation to receive the GIAC Secure Software Programming certification in Java. EJ is a leading security architect for mobile devices. He has spoken at the RSA Security, IBM/Rational Developers, and Cloud Security Alliance conferences. In his spare time EJ develops iPhone applications.

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link= Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg