Cyber Secure Coder (CSC-210) Exam Voucher

This exam will certify that the successful candidate has the knowledge, skills, and abilities to design and develop a variety of applications for various platforms, analyze security concerns outside of specific languages and platforms, use a number of testing and analysis tools, and mitigate against common threats to data and systems.
 

This certification exam is designed for software developers, testers, and architects who may develop in multiple programming languages for any type of platform and who desire or are required to develop highly secure applications for business and organizational use. Candidates will also have a need to author or analyze specifications and technical requirements and develop applications that meet them.
 

While there are no formal prerequisites to register for and schedule an exam, we strongly recommend that you first possess the knowledge, skills, and abilities to do the following:
• Develop applications using multiple programming languages and coding environments while following generally accepted coding best practices.
• Develop applications for a variety of platforms: web, cloud, mobile, and desktop.
• Write and analyze use cases, technical requirements, specifications, and other application documentation.
• Work with common tools, such as analysis, debugging, encryption, and penetration testing tools.
You can obtain this level of skill and knowledge by taking the following courseware, which is available through training providers located around the world, or by attending an equivalent third-party training program:
• CertNexus Certified Cyber Secure Coder™ (Exam CSC-210)

Domain 1.0 Common Secure Application Development Terminology and Concepts Objective 1.1 - Understand basic security principles

• Encryption
• Division of resources/categorization of components
• The CIA Triad
• AAA
• Least privilege
• Least common mechanism
• Defense in Depth
• Fail safe
• Weakest link
• Separation of duties
• Monitoring

Objective 1.2 - Identify common hacking terminology and concepts

• Black hat, gray hat, white hat
• Builders and breakers
• Social engineering
• Vulnerability
• Exploits and attacks

Domain 2.0 Job and Process Responsibilities Related to Secure Application Development Objective 2.1 - Explain the software development lifecycle

• SDLC phases
• Secure SDLC

Objective 2.2 - Understand the role of the designer/architect in creating secure applications

• Design deliverables
• Whiteboarding
• Compliance assurance and adherence to organizational requirements

Objective 2.3 - Explain the role of the developer in creating secure applications

• Development deliverables
• Debugging tools
• Use of standard libraries and APIs

Objective 2.4 - Understand the role of the code reviewer in creating secure applications

• Review deliverables
• Static analysis tools
• Dynamic code analysis tools

Objective 2.5 - Understand the role of the application tester in creating secure applications

• Testing deliverables
• Penetration testing

Domain 3.0 Architecture and Design Objective 3.1 - Interpret use and abuse cases

• Design intentions
• Attacks

Objective 3.2 - Understand architecture and design industry best practices

• Modular design
• Design methodologies
• Software design patterns
• Security design patterns
• Requiring strong passwords
• Identity management process
• Design of monitoring/logging system

Objective 3.3 - Identify common regulations that relate to secure software development

• HIPAA
• PCI DSS
• ISO 27001
• SOX
• Country-specific privacy laws

Objective 3.4 - Explain the importance of organizational requirements to the development of secure software applications

• Internal organizational processes
• Internal organizational policies

Domain 4.0 Risk Assessment and Management Objective 4.1 - Classify common threats and vulnerabilities in terms of their impact on applications

• OWASP Top 10
• CWE/SANS Top 25
• Attack vectors
• Assets
• Risks
• Threat types
• Countermeasures
• Impacts
• Probability

Objective 4.2 - Compare and contrast common risk assessment and management best practices

• Quantitative risk assessment
• Qualitative risk assessment
• Policy adjustments/updates
• Architectural review

Domain 5.0 Application Implementation Objective 5.1 - Implement input validation

• Input vulnerabilities
• Input validation techniques

Objective 5.2 - Restrict the output of sensitive data

• Output vulnerability
• Output security techniques

Objective 5.3 - Implement cryptography

• Crypto libraries
• Key management
• Algorithm implementation
• Secure storage of data

Objective 5.4 - Implement authentication and access control

• Password verification
• Roles, permissions, groups
• Implementation of secure session management
• Account lockouts
• Password recovery

Objective 5.5 - Implement error handling and logging

• Error message logging
• Security exception logging
• Log centralization

Objective 5.6 - Implement communication security

• SSL/TLS
• Encrypted tunnels
• Mobile app considerations
• IoT app considerations
• Security of web services

Objective 5.7 - Implement application security parameters and configure security settings

• Parameterizing security properties and settings
• Configuration file protection
• Default passwords on third-party applications

Objective 5.8 - Implement secure database access

• Elimination of string concatenation for database queries
• Database connection access control