2. Certified Software Security Professional
www.vskills.in
Certified Software Security Professional
Certification Code VS-1086
Vskills certification for Software Security Professional assesses the candidate against a
company's secure software development needs. The certification tests candidates on
various areas of software security, including knowledge of the types of security
attacks and countermeasures for programming languages (C/C++, Java and .NET), web
applications, web services, SOA-based applications and mobile applications, and the tools used.
Why should one take this certification?
This course is intended for professionals and graduates wanting to excel in their chosen
areas. It is also well suited for those who are already working and would like to take the
certification for further career progression.
Earning the Vskills Software Security Professional Certification can help candidates differentiate
themselves in today's competitive job market, broaden their employment opportunities by displaying
their advanced skills, and result in higher earning potential.
Who will benefit from taking this certification?
Job seekers looking for employment in the IT or software development department of a
software development company in the public or private sector, students wanting to improve
their skill set and strengthen their CV, and existing employees looking for a better role
can prove the value of their skills to their employers through this certification.
Test Details
• Duration: 60 minutes
• No. of questions: 50
• Maximum marks: 50, Passing marks: 25 (50%)
There is no negative marking in this module.
Fee Structure
Rs. 4,000/- (Includes all taxes)
Companies that hire Vskills Certified Software Security Professionals
Software security professionals are in great demand. Companies specializing in
development and testing of software are constantly hiring knowledgeable software security
professionals.
Table of Contents
1. Introduction
1.1 Digital assets
1.2 Need for computer security
1.3 Risk and vulnerabilities
2. Attacks, Security and Measures
2.1 Evolution and attack types
2.2 Attack tools
2.3 Security levels
2.4 Security Standards
3. Secured Software Cycle
3.1 Security Lifecycle
3.2 Security Requirements
3.3 Security use cases and modeling
3.4 Security Design and authentication
3.5 Secured coding techniques and review
3.6 Security testing and remediation
4. C/C++ programming
4.1 UNIX/Linux and C/C++ evolution
4.2 Attack types and countermeasures in C/C++
4.3 UNIX security and privileges
4.4 UNIX network programming
5. Windows programming
5.1 Windows Security
5.2 .Net components and runtime security
5.3 .Net security design
5.4 Identity, principal and permission
5.5 Security techniques (type safety, role based and code access)
5.6 ASP.NET and remoting security
6. Java programming
6.1 Java architecture and platform security
6.2 Cryptography API and secure sockets
6.3 JSSE and Java sandbox
6.4 Applets and swing security
7. SOA-based security
7.1 TCP/IP protocols and socket security
7.2 SOA basics and challenges
7.3 RPC and RMI security
7.4 DCOM and ActiveX security
8. Web Applications Security
8.1 Web security concepts
8.2 Identity management techniques
8.3 PKI and future
8.4 Attack techniques (code injection and parameter passing)
8.5 Emerging attack types and AVDL
9. Securing Mobile
9.1 Mobile computing architecture and networks
9.2 NGN concepts and security
9.3 J2ME, Java card and USIM security
9.4 Securing WAP, mobile agents and mobile networks
9.5 Windows mobile security
10. Advanced Java Security
10.1 Servlet Security
10.2 Securing JSP, Java struts, JSF and EJB
11. Advanced Web Services
11.1 Web service security model and standards
11.2 XML attacks and SSL usage
11.3 OFX and IFX
Course Outline
Introduction
Understanding the relevance and identification of digital assets
Illustrating the need for computer security in an organization
Describing the concept of risk and vulnerabilities as applied to security paradigm
Attacks, Security and Measures
Detailing the evolution and different types of security attacks like spoofing, DoS, etc.
Listing the various attack and network analysis tools like Ethereal (now Wireshark), tcpdump, etc.
Explaining security at various levels like database, network, computer, etc.
Describing the different security standards and bodies like NIST, OWASP, etc.
Secured Software Cycle
Illustrating the concept of security lifecycle which includes various phases of security
requirements, security use cases and modeling, security design and authentication,
secured coding techniques and review and the concluding phase of lifecycle, security
testing and remediation
C/C++ programming
Describing the evolution of C/C++ and their growth with UNIX or Linux
Understanding the different types of attack and countermeasures in C/C++
Explaining the concept of UNIX security and privileges for maintaining security
Detailing the techniques for security implementation in UNIX network programs
Windows programming
Illustrating the Windows security architecture of the Windows operating system
Describing the various components of .Net technology stack of Microsoft and
implementation of .Net runtime security and the .Net security design
Explaining the concept of identity, principal and permission in .Net
Detailing the various security techniques as type safety, role based, code access, etc.
Understanding the concept of ASP.NET for web application and remoting security
Java programming
Describing the basics of the Java architecture and its platform security
Illustrating the usage of the Java cryptography API and secure sockets
Explaining JSSE (Java Secure Socket Extension) for SSL/TLS-secured sockets and the Java
sandbox as a restricted execution environment
Detailing the various methods for applet and Swing security
SOA-based security
Understanding the TCP/IP protocols and socket security associated with them
Describing the basics and security challenges for service oriented architecture
Detailing the security techniques for remote procedure call (RPC), remote method
invocation (RMI), distributed COM (DCOM) and ActiveX technology
Web Applications Security
Explaining the concepts of web security and various techniques for identity
management for web applications
Understanding basics of public key infrastructure (PKI) and emerging technologies
Describing the various attack techniques like code injection and parameter passing
Detailing newer attack types like JSON pair injection, JS array poisoning, etc. and the
Application Vulnerability Description Language (AVDL) for describing and exchanging them
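As an added illustration of the "code injection" and "JSON pair injection" items above (example code written for this page, not part of the Vskills course material), the following JavaScript builds a JSON user profile from an untrusted username in two ways and shows why the serializer, not string concatenation, must do the escaping. The function names, the profile template and the attacker payload are all constructed for this example.

```javascript
// Added example for this page (not Vskills course code): JSON pair injection.
// A server-side helper builds a JSON user profile from an untrusted username.
// When the document is built by string concatenation, an attacker-controlled
// value can close the "user" string and append its own key/value pair. Because
// JSON.parse lets a later duplicate key overwrite an earlier one, the injected
// "role":"admin" pair replaces the intended "role":"guest".

// Vulnerable: the untrusted value is spliced into JSON text verbatim.
function buildProfileUnsafe(username) {
  return '{"role":"guest","user":"' + username + '"}';
}

// Hardened: JSON.stringify escapes quotes and control characters, so the
// value can never terminate the string literal it is placed in.
function buildProfileSafe(username) {
  return JSON.stringify({ role: "guest", user: username });
}

// Constructed (hypothetical) attacker input: terminates the "user" string,
// then injects a second "role" pair.
const ATTACK_PAYLOAD = 'alice","role":"admin';

// Parse both outputs the way a downstream consumer would.
function parseUnsafe(username) {
  return JSON.parse(buildProfileUnsafe(username));
}

function parseSafe(username) {
  return JSON.parse(buildProfileSafe(username));
}

// Round-trip check: a correctly serialized document yields a "user" field
// identical to the input. If it differs, part of the input was consumed as
// JSON structure, i.e. the injection succeeded.
function injectionSucceeded(username, parsed) {
  return parsed.user !== username;
}

// Stand-alone demonstration (CommonJS entry point only).
if (typeof require !== "undefined" && require.main === module) {
  const unsafe = parseUnsafe(ATTACK_PAYLOAD);
  const safe = parseSafe(ATTACK_PAYLOAD);
  console.log("unsafe:", unsafe, "injected:", injectionSucceeded(ATTACK_PAYLOAD, unsafe));
  console.log("safe:  ", safe, "injected:", injectionSucceeded(ATTACK_PAYLOAD, safe));
}
```

Running it shows the concatenated document parsing to a profile with role "admin", while the serialized one keeps role "guest" and stores the whole payload, quotes included, as the username. The same reasoning applies to any text format assembled from untrusted fragments: use the format's own serializer or a proper encoder rather than concatenation.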
Securing Mobile
Understanding the architecture of mobile computing and concept of mobile networks
Describing the basics of next generation networks (NGN) and security architecture
Illustrating the various security techniques for J2ME, Java card and USIM
Detailing the process to secure WAP, mobile agents and mobile networks
Explaining the implementation of security on Windows OS-based mobile devices
Advanced Java Security
Illustrating the different techniques for servlet security
Describing the process to secure JSP, Java struts, JSF and EJB
Advanced Web Services
Understanding the different web service security models such as WS-Security, P2P
security, etc. and the concept of web service security standards
Explaining the various types of XML attacks and usage of SSL for web services
Describing the financial transaction security as implemented by open financial
exchange (OFX) and interactive financial exchange (IFX)
Sample Questions
1. The term AJAX refers to _____________.
A. Asynchronous JavaSwing and XML
B. Asynchronous JavaScript and XML
C. Asynchronous Java and XML
D. None of the above
2. The name of an open-source IDS is _____________.
A. Ethereal
B. Snort
C. tcpdump
D. None of the above
3. Usually, TLS provides data communication security over _____________.
A. Remote network
B. Private networks
C. Public networks
D. None of the above
4. The term AES expands to _____________.
A. Advanced encryption specification
B. Advanced encryption standard
C. Advanced encoding standard
D. None of the above
5. The methodology used by Microsoft for threat modeling is _____________.
A. STRIDE
B. COMPASS
C. RENUN
D. None of the above
Answers: 1 (B), 2 (B), 3 (C), 4 (B), 5 (A)