Software Security Certification


Transcript

  • 1. Certified Software Security Professional VS-1086
  • 2. Certified Software Security Professional www.vskills.in
    Certified Software Security Professional
    Certification Code VS-1086
    Vskills certification for Software Security Professional assesses the candidate for a company's secured software development needs. The certification tests candidates on various areas of software security, including knowledge of various types of security attacks and countermeasures for programming languages (C/C++, Java and .Net), web applications, web services, SOA-based applications, and mobile applications, and the tools used.
    Why should one take this certification?
    This course is intended for professionals and graduates wanting to excel in their chosen areas. It is also well suited for those who are already working and would like to take certification for further career progression. Earning Vskills Software Security Professional Certification can help candidates differentiate themselves in today's competitive job market, broaden their employment opportunities by displaying their advanced skills, and result in higher earning potential.
    Who will benefit from taking this certification?
    Job seekers looking to find employment in the IT or software development departments of various software development companies in the public or private sector, students generally wanting to improve their skill set and make their CV stronger, and existing employees looking for a better role can prove to their employers the value of their skills through this certification.
    Test Details
      • Duration: 60 minutes
      • No. of questions: 50
      • Maximum marks: 50, Passing marks: 25 (50%)
    There is no negative marking in this module.
    Fee Structure
    Rs. 4,000/- (Includes all taxes)
    Companies that hire Vskills Certified Software Security Professional
    Software security professionals are in great demand. Companies specializing in development and testing of software are constantly hiring knowledgeable software security professionals.
  • 3. Table of Contents
    1. Introduction
       1.1 Digital assets
       1.2 Need for computer security
       1.3 Risk and vulnerabilities
    2. Attacks, Security and Measures
       2.1 Evolution and attack types
       2.2 Attack tools
       2.3 Security levels
       2.4 Security Standards
    3. Secured Software Cycle
       3.1 Security Lifecycle
       3.2 Security Requirements
       3.3 Security use cases and modeling
       3.4 Security Design and authentication
       3.5 Secured coding techniques and review
       3.6 Security testing and remediation
    4. C/C++ programming
       4.1 UNIX/Linux and C/C++ evolution
       4.2 Attack types and countermeasures in C/C++
       4.3 UNIX security and privileges
       4.4 UNIX network programming
    5. Windows programming
       5.1 Windows Security
       5.2 .Net components and runtime security
       5.3 .Net security design
       5.4 Identity, principal and permission
       5.5 Security techniques (type safety, role based and code access)
       5.6 ASP.NET and remoting security
    6. Java programming
       6.1 Java architecture and platform security
       6.2 Cryptography API and secure sockets
       6.3 JSSE and Java sandbox
       6.4 Applets and swing security
    7. SOA-based security
       7.1 TCP/IP protocols and socket security
       7.2 SOA basics and challenges
  • 4. Table of Contents (continued)
       7.3 RPC and RMI security
       7.4 DCOM and ActiveX security
    8. Web Applications Security
       8.1 Web security concepts
       8.2 Identity management techniques
       8.3 PKI and future
       8.4 Attack techniques (code injection and parameter passing)
       8.5 Emerging attack types and AVDL
    9. Securing Mobile
       9.1 Mobile computing architecture and networks
       9.2 NGN concepts and security
       9.3 J2ME, Java card and USIM security
       9.4 Securing WAP, mobile agents and mobile networks
       9.5 Windows mobile security
    10. Advance Java Security
       10.1 Servlet Security
       10.2 Securing JSP, Java struts, JSF and EJB
    11. Advance Web Services
       11.1 Web service security model and standards
       11.2 XML attacks and SSL usage
       11.3 OFX and IFX
  • 5. Course Outline
    Introduction
      Understanding the relevance and identification of digital assets
      Illustrating the need for computer security in an organization
      Describing the concept of risk and vulnerabilities as applied to the security paradigm
    Attacks, Security and Measures
      Detailing the evolution and different types of security attacks like spoofing, DoS, etc.
      Listing the various attack tools like Ethereal, tcpdump, etc.
      Explaining security at various levels like database, network, computer, etc.
      Describing the different security standards and bodies like NIST, OWASP, etc.
    Secured Software Cycle
      Illustrating the concept of the security lifecycle, which includes the phases of security requirements, security use cases and modeling, security design and authentication, secured coding techniques and review, and the concluding phase of the lifecycle, security testing and remediation
    C/C++ programming
      Describing the evolution of C/C++ and their growth with UNIX or Linux
      Understanding the different types of attack and countermeasures in C/C++
      Explaining the concept of UNIX security and privileges for maintaining security
      Detailing the techniques for security implementation in UNIX network programs
    Windows programming
      Illustrating the Windows security architecture for the Windows operating system
      Describing the various components of the .Net technology stack of Microsoft and the implementation of .Net runtime security and the .Net security design
      Explaining the concept of identity, principal and permission in .Net
      Detailing the various security techniques such as type safety, role based, code access, etc.
      Understanding the concept of ASP.NET for web application and remoting security
    Java programming
      Describing the basics of Java architecture and its platform security
      Illustrating the usage of the cryptography API for secured sockets
      Explaining JSSE for non-secured sockets and Java sandbox for secured environment
      Detailing the various methods for applets and swing security
    SOA-based security
      Understanding the TCP/IP protocols and socket security associated with them
      Describing the basics and security challenges for service oriented architecture
      Detailing the security techniques for remote procedure call (RPC), remote method invocation (RMI), distributed COM (DCOM) and ActiveX technology
  • 6. Course Outline (continued)
    Web Applications Security
      Explaining the concepts of web security and various techniques for identity management for web applications
      Understanding the basics of public key infrastructure (PKI) and emerging technologies
      Describing the various attack techniques like code injection and parameter passing
      Detailing the new attack types like JSON pair injection, JS array poisoning, etc. and the concept of application vulnerability description language (AVDL) for countering
    Securing Mobile
      Understanding the architecture of mobile computing and the concept of mobile networks
      Describing the basics of next generation networks (NGN) and security architecture
      Illustrating the various security techniques for J2ME, Java card and USIM
      Detailing the process to secure WAP, mobile agents and mobile networks
      Explaining the implementation of security to Windows OS based mobiles
    Advance Java Security
      Illustrating the different techniques for servlet security
      Describing the process to secure JSP, Java struts, JSF and EJB
    Advance Web Services
      Understanding the different web service security models like WS-security, P2P security, etc. and the concept of web service security standards
      Explaining the various types of XML attacks and usage of SSL for web services
      Describing the financial transaction security as implemented by open financial exchange (OFX) and interactive financial exchange (IFX)
  • 7. Sample Questions
    1. The term AJAX refers to _____________.
       A. Asynchronous JavaSwing and XML
       B. Asynchronous JavaScript and XML
       C. Asynchronous Java and XML
       D. None of the above
    2. The name of an open-source ID is _____________.
       A. Ethereal
       B. Snort
       C. TcpDump
       D. None of the above
    3. Usually, TLS provides data communication security over _____________.
       A. Remote network
       B. Private networks
       C. Public networks
       D. None of the above
    4. The term AES expands to _____________.
       A. Advanced encryption specification
       B. Advanced encryption standard
       C. Advanced encoding standard
       D. None of the above
    5. The methodology used by Microsoft for threat modeling is _____________.
       A. STRIDE
       B. COMPASS
       C. RENUN
       D. None of the above
    Answers: 1 (B), 2 (B), 3 (C), 4 (A), 5 (A)