› Certifications · compare

Compare certifications

Pick up to 3 certifications and compare them side-by-side on cost, exam format, recertification, salary signal, quality, and domain coverage.

Cert 1

Cert 2 (optional)

Cert 3 (optional)

ISC2 · professional

CSSLP

Certified Secure Software Lifecycle Professional

Secure SDLC, threat modelling, secure architecture across product teams.

Official page

OffSec · expert

OSWE

Offensive Security Web Expert

Advanced web application exploitation — whitebox review, vulnerability chain construction.

Official page

Comparing

ISC2CSSLP

OffSecOSWE

› Cost

Exam fee

CSSLP$599

OSWE$1,699

Exam fee

$599

$1,699

Annual maintenance fee

CSSLP—

OSWE—

Annual maintenance fee

—

3-year cost of ownership

CSSLP$599

OSWE$1,699

3-year cost of ownership

$599

$1,699

› Exam mechanics

Pass mark

CSSLP700/1000 (scaled)

OSWELab points-based (varies — typically 60+/100 with report)

Pass mark

700/1000 (scaled)

Lab points-based (varies — typically 60+/100 with report)

Retake policy

CSSLP$599 fee · 30d wait · 4/yr cap

OSWE$249 fee · 0d wait

Retake policy

$599 fee · 30d wait · 4/yr cap

$249 fee · 0d wait

Study time

CSSLP80–150 hrs

OSWE300–500 hrs

Study time

80–150 hrs

300–500 hrs

Validity

CSSLP3 yrs

OSWE3 yrs

Validity

3 yrs

CPE / yr

CSSLP30 CPEs

OSWE30 CPEs

CPE / yr

30 CPEs

Delivery

CSSLPtest center

OSWEpractical lab

Delivery

test center

practical lab

› Salary signal (US base)

Range

CSSLP$120K – $170K

OSWE$130K – $195K

Range

$120K – $170K

$130K – $195K

Median

CSSLP$140,000

OSWE$155,000

Median

$140,000

$155,000

Premium %

CSSLP—

OSWE—

Premium %

—

Role context

CSSLPApplication security engineer / secure-SDLC lead, US, 5+ years.

OSWESenior web/app pentester, US, 4-7 years.

Role context

Application security engineer / secure-SDLC lead, US, 5+ years.

Senior web/app pentester, US, 4-7 years.

› Quality (4-axis rubric · 0–10)

Schema quality

CSSLP8.0

OSWE8.5

Schema quality

8.0

8.5

Practice evidence

CSSLP2.5

OSWE9.5

Practice evidence

2.5

9.5

Maintenance

CSSLP7.0

OSWE7.0

Maintenance

7.0

Market recognition

CSSLP6.0

OSWE7.5

Market recognition

6.0

7.5

Average

CSSLP5.9

OSWE8.1

Average

5.9

8.1

› Recognition & lifecycle

Recognition

CSSLPGlobal · US · EU · UK

OSWEGlobal · US · EU · UK

Recognition

Global · US · EU · UK

ISO 17024 accredited

CSSLP✓

OSWE—

ISO 17024 accredited

✓

—

DoD 8140 baseline

CSSLP✓

OSWE—

DoD 8140 baseline

✓

—

Holders worldwide

CSSLP3,500

OSWE3,000

Holders worldwide

3,500

3,000

Current version

CSSLP2023 CBK refresh (2023-04)

OSWEWEB-300 (2024) (2024-01)

Current version

2023 CBK refresh (2023-04)

WEB-300 (2024) (2024-01)

› Domain coverage

A12Data Security, Privacy & Protection

CSSLP○ touched

OSWE·

A12Data Security, Privacy & Protection

○ touched

A13Supply Chain Security

CSSLP● core

OSWE·

A13Supply Chain Security

● core

A15Cryptography

CSSLP○ touched

OSWE·

A15Cryptography

○ touched

A24Exposure Management & Attack Surface

CSSLP·

OSWE○ touched

A24Exposure Management & Attack Surface

○ touched

A25Security Architecture & Engineering

CSSLP● core

OSWE·

A25Security Architecture & Engineering

● core

A4Application Security

CSSLP● core

OSWE● core

A4Application Security

● core

A9Penetration Testing & Red Teaming

CSSLP·

OSWE● core

A9Penetration Testing & Red Teaming

● core

Browse the full catalog or open any one of these on its detail page for full study materials, peer comparisons, and lifecycle notes.

All certifications CSSLP detail OSWE detail