SlideShare a Scribd company logo

Software Security Certification

Vskills
Vskills
Technology
1 of 8
Download to read offline
Certified Software Security Professional VS-1086
Certified Software Security Professional www.vskills.in CCCCertifiedertifiedertifiedertified Software Security ProfessionalSoftware Security ProfessionalSoftware Security ProfessionalSoftware Security Professional Certification CodeCertification CodeCertification CodeCertification Code VS-1086 Vskills certification for Software Security Professional assesses the candidate for a company’s secured software development needs. The certification tests the candidates on various areas in software security which includes knowledge of various types of security attacks and countermeasures on programming language (C/C++, Java and .Net), web applications, web services, SOA-based application, and mobile applications and tools used. Why should one take this certification?Why should one take this certification?Why should one take this certification?Why should one take this certification? This Course is intended for professionals and graduates wanting to excel in their chosen areas. It is also well suited for those who are already working and would like to take certification for further career progression. Earning Vskills Software Security Professional Certification can help candidate differentiate in today's competitive job market, broaden their employment opportunities by displaying their advanced skills, and result in higher earning potential. Who will benefit from taking this certification?Who will benefit from taking this certification?Who will benefit from taking this certification?Who will benefit from taking this certification? Job seekers looking to find employment in IT or software development department of various software development companies in public or private sector, students generally wanting to improve their skill set and make their CV stronger and existing employees looking for a better role can prove their employers the value of their skills through this certification Test DetailsTest DetailsTest DetailsTest Details • Duration:Duration:Duration:Duration: 60 minutes • No. of questions:No. of questions:No. of questions:No. of questions: 50 • Maximum marks:Maximum marks:Maximum marks:Maximum marks: 50, Passing marks: 25 (50%) There is no negative marking in this module. Fee StructureFee StructureFee StructureFee Structure Rs. 4,000/- (Includes all taxes) Companies that hire Vskills CertifiedCompanies that hire Vskills CertifiedCompanies that hire Vskills CertifiedCompanies that hire Vskills Certified Software Security ProfessionalSoftware Security ProfessionalSoftware Security ProfessionalSoftware Security Professional Software security professionals are in great demand. Companies specializing in development and testing of software are constantly hiring knowledgeable software security professionals.
Certified Software Security Professional www.vskills.in Table of Contents 1.1.1.1. IntroductionIntroductionIntroductionIntroduction 1.1 Digital assets 1.2 Need for computer security 1.3 Risk and vulnerabilities 2.2.2.2. AttacksAttacksAttacksAttacks,,,, Security andSecurity andSecurity andSecurity and MeasuresMeasuresMeasuresMeasures 2.1 Evolution and attack types 2.2 Attack tools 2.3 Security levels 2.4 Security Standards 3.3.3.3. Secured Software CycleSecured Software CycleSecured Software CycleSecured Software Cycle 3.1 Security Lifecycle 3.2 Security Requirements 3.3 Security use cases and modeling 3.4 Security Design and authentication 3.5 Secured coding techniques and review 3.6 Security testing and remediation 4.4.4.4. C/C+ programmingC/C+ programmingC/C+ programmingC/C+ programming 4.1 UNIX/Linux and C/C++ evolution 4.2 Attack types and countermeasures in C/C++ 4.3 UNIX security and privileges 4.4 UNIX network programming 5.5.5.5. WindowsWindowsWindowsWindows programmingprogrammingprogrammingprogramming 5.1 Windows Security 5.2 .Net components and runtime security 5.3 .Net security design 5.4 Identity, principal and permission 5.5 Security techniques (type safety, role based and code access) 5.6 ASP.NET and remoting security 6.6.6.6. Java programmingJava programmingJava programmingJava programming 6.1 Java architecture and platform security 6.2 Cryptography API and secure sockets 6.3 JSSE and Java sandbox 6.4 Applets and swing security 7.7.7.7. SOASOASOASOA----based securitybased securitybased securitybased security 7.1 TCP/IP protocols and socket security 7.2 SOA basics and challenges
Certified Software Security Professional www.vskills.in 7.3 RPC and RMI security 7.4 DCOM and ActiveX security 8.8.8.8. Web ApplicationsWeb ApplicationsWeb ApplicationsWeb Applications SecuritySecuritySecuritySecurity 8.1 Web security concepts 8.2 Identity management techniques 8.3 PKI and future 8.4 Attack techniques (code injection and parameter passing) 8.5 Emerging attack types and AVDL 9.9.9.9. Securing MobileSecuring MobileSecuring MobileSecuring Mobile 9.1 Mobile computing architecture and networks 9.2 NGN concepts and security 9.3 J2ME, Java card and USIM security 9.4 Securing WAP, mobile agents and mobile networks 9.5 Windows mobile security 10.10.10.10. Advance Java SecurityAdvance Java SecurityAdvance Java SecurityAdvance Java Security 10.1 Servlet Security 10.2 Securing JSP, Java struts, JSF and EJB 11.11.11.11. AdvanceAdvanceAdvanceAdvance Web ServicesWeb ServicesWeb ServicesWeb Services 11.1 Web service security model and standards 11.2 XML attacks and SSL usage 11.3 OFX and IFX
Certified Software Security Professional www.vskills.in Course OutlineCourse OutlineCourse OutlineCourse Outline IntroductionIntroductionIntroductionIntroduction Understanding the relevance and identification of digital assets Illustrating the need for computer security in an organization Describing the concept of risk and vulnerabilities as applied to security paradigm AttacksAttacksAttacksAttacks,,,, Security andSecurity andSecurity andSecurity and MeasuresMeasuresMeasuresMeasures Detailing the evolution and different types of security attacks like spoofing, DoS, etc. Enlisting the various attack tools like ethereal, tcpdump, etc. Explaining security at various levels like database, network, computer, etc. Describing the different security standards and bodies like NIST, OWASP, etc. Secured Software CycleSecured Software CycleSecured Software CycleSecured Software Cycle Illustrating the concept of security lifecycle which includes various phases of security requirements, security use cases and modeling, security design and authentication, secured coding techniques and review and the concluding phase of lifecycle, security testing and remediation C/C+ programmingC/C+ programmingC/C+ programmingC/C+ programming Describing the evolution of C/C++ and their growth with UNIX or Linux Understanding the different types of attack and countermeasures in C/C++ Explaining the concept of UNIX security and privileges for maintaining security Detailing the techniques for security implementation in UNIX network programs Windows programmingWindows programmingWindows programmingWindows programming Illustrating the windows security architecture for windows operating system Describing the various components of .Net technology stack of Microsoft and implementation of .Net runtime security and the .Net security design Explaining the concept of identity, principal and permission in .Net Detailing the various security techniques as type safety, role based, code access, etc. Understanding the concept of ASP.NET for web application and remoting security Java programmingJava programmingJava programmingJava programming Describing the basics of Java architecture and it’s platform security Illustrating the usage of cryptography API for secured sockets Explaining JSSE for non-secured sockets and Java sandbox for secured environment Detailing the various methods for applets and swing security SOASOASOASOA----based securitybased securitybased securitybased security Understanding the TCP/IP protocols and socket security associated with them Describing the basics and security challenges for service oriented architecture Detailing the security techniques for remote procedure call (RPC), remote method Invocation (RMI), distributed COM (DCOM) and ActiveX technology
Certified Software Security Professional www.vskills.in Web ApplicationsWeb ApplicationsWeb ApplicationsWeb Applications SecuritySecuritySecuritySecurity Explaining the concepts of web security and various techniques for identity management for web applications Understanding basics of public key infrastructure (PKI) and emerging technologies Describing the various attack techniques like code injection and parameter passing Detailing the new attack types like JSON pair injection, JS array poisoning, etc. and the concept of application vulnerability description language (AVDL) for countering Securing MobileSecuring MobileSecuring MobileSecuring Mobile Understanding the architecture of mobile computing and concept of mobile networks Describing the basics of next generation networks (NGN) and security architecture Illustrating the various security techniques for J2ME, Java card and USIM Detailing the process to secure WAP, mobile agents and mobile networks Explaining the implementation of security to windows OS based mobiles Advance Java SecurityAdvance Java SecurityAdvance Java SecurityAdvance Java Security Illustrating the different techniques for servlet security Describing the process to secure JSP, Java struts, JSF and EJB AdvanceAdvanceAdvanceAdvance Web ServicesWeb ServicesWeb ServicesWeb Services Understanding the different web service security model like WS-security, P2P security, etc. and the concept of web service security standards Explaining the various types of XML attacks and usage of SSL for web services Describing the financial transaction security as implemented by open financial exchange (OFX) and interactive financial exchange (IFX)
Certified Software Security Professional www.vskills.in Sample QuestionsSample QuestionsSample QuestionsSample Questions 1.1.1.1. TheTheTheThe term AJAX refers toterm AJAX refers toterm AJAX refers toterm AJAX refers to _____________._____________._____________._____________. A. Asynchronous JavaSwing and XML B. Asynchronous JavaScript and XML C. Asynchronous Java and XML D. None of the above 2222. T. T. T. Thehehehe namenamenamename of an openof an openof an openof an open----source IDsource IDsource IDsource ID isisisis _____________._____________._____________._____________. A. Ethereal B. Snort C. TcpDump D. None of the above 3333. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over _____________._____________._____________._____________. A. Remote network B. Private networks C. Public networks D. None of the above 4444.... TheTheTheThe term AES expands toterm AES expands toterm AES expands toterm AES expands to _____________._____________._____________._____________. A. Advanced encryption specification B. Advanced encryption standard C. Advanced encoding standard D. None of the above 5555. The. The. The. The methodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling is _____________._____________._____________._____________. A. STRIDE B. COMPASS C. RENUN D. None of the above Answers: 1 (B), 2 (B), 3 (C), 4 (A), 5 (A)
Software Security Certification

Recommended

Security in Java
Security in JavaSecurity in Java
Security in JavaSiddharth Coontoor
 
Csslp
CsslpCsslp
CsslpSushil Shakya
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 
Ec-Council secure programmer. net
Ec-Council secure programmer. netEc-Council secure programmer. net
Ec-Council secure programmer. netBOOSTurSKILLS
 
Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Minded Security
 
Validy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryValidy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryGilles Sgro
 
Spring security 2017
Spring security 2017Spring security 2017
Spring security 2017Vortexbird
 
Java & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisJava & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisPragati Rai
 

Recommended

Security in Java
Security in JavaSecurity in Java
Security in JavaSiddharth Coontoor
 
Csslp
CsslpCsslp
CsslpSushil Shakya
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 
Ec-Council secure programmer. net
Ec-Council secure programmer. netEc-Council secure programmer. net
Ec-Council secure programmer. netBOOSTurSKILLS
 
Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Minded Security
 
Validy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryValidy netinc nsa_ops1_ops2_executive summary
Validy netinc nsa_ops1_ops2_executive summaryGilles Sgro
 
Spring security 2017
Spring security 2017Spring security 2017
Spring security 2017Vortexbird
 
Java & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisJava & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisPragati Rai
 
Op2423922398
Op2423922398Op2423922398
Op2423922398IJERA Editor
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
App Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In CodeApp Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In CodeSamuele Reghenzi
 
[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise Edition[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise EditionITAS VIETNAM
 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure CodingJPCERT Coordination Center
 
SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014Massimo Chirivì
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_StrategicRamesh VG
 
Secure development of code
Secure development of codeSecure development of code
Secure development of codeSalomeVictor
 
ProGuard vs DexGuard
ProGuard vs DexGuardProGuard vs DexGuard
ProGuard vs DexGuardTopher Jordan
 
Python For Droid
Python For DroidPython For Droid
Python For DroidRich Helton
 
Python Final
Python FinalPython Final
Python FinalRich Helton
 
Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610Tommy Tracx Xaypanya
 
Framework for Safety Critical System Software
Framework for Safety Critical System SoftwareFramework for Safety Critical System Software
Framework for Safety Critical System Softwareijtsrd
 
Dupressoir
DupressoirDupressoir
Dupressoiranesah
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Trainingpivotalsecurity
 
Mudassar_Yash Technologies AB_CV
Mudassar_Yash Technologies AB_CVMudassar_Yash Technologies AB_CV
Mudassar_Yash Technologies AB_CVMudassar Ahamer Hakim
 
Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101Mario-Leander Reimer
 
First Steps in Android
First Steps in AndroidFirst Steps in Android
First Steps in AndroidRich Helton
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
Compensation and benefits manager certification
Compensation and benefits manager certificationCompensation and benefits manager certification
Compensation and benefits manager certificationVskills
 
Financial Risk management Certification
Financial Risk management CertificationFinancial Risk management Certification
Financial Risk management CertificationVskills
 
Vskills Certified Brand Manager
Vskills Certified Brand ManagerVskills Certified Brand Manager
Vskills Certified Brand ManagerVskills
 

More Related Content

What's hot

Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
App Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In CodeApp Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In CodeSamuele Reghenzi
 
[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise Edition[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise EditionITAS VIETNAM
 
SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014Massimo Chirivì
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_StrategicRamesh VG
 
Secure development of code
Secure development of codeSecure development of code
Secure development of codeSalomeVictor
 
ProGuard vs DexGuard
ProGuard vs DexGuardProGuard vs DexGuard
ProGuard vs DexGuardTopher Jordan
 
Python For Droid
Python For DroidPython For Droid
Python For DroidRich Helton
 
Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610Tommy Tracx Xaypanya
 
Framework for Safety Critical System Software
Framework for Safety Critical System SoftwareFramework for Safety Critical System Software
Framework for Safety Critical System Softwareijtsrd
 
Dupressoir
DupressoirDupressoir
Dupressoiranesah
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Trainingpivotalsecurity
 
Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101Mario-Leander Reimer
 
First Steps in Android
First Steps in AndroidFirst Steps in Android
First Steps in AndroidRich Helton
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 

What's hot (19)

Op2423922398
Op2423922398Op2423922398
Op2423922398
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
App Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In CodeApp Sec Eu08 Sec Frm Not In Code
App Sec Eu08 Sec Frm Not In Code
 
[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise Edition[ITAS.VN]CxSuite Enterprise Edition
[ITAS.VN]CxSuite Enterprise Edition
 
Android Secure Coding
Android Secure CodingAndroid Secure Coding
Android Secure Coding
 
SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_Strategic
 
Secure development of code
Secure development of codeSecure development of code
Secure development of code
 
ProGuard vs DexGuard
ProGuard vs DexGuardProGuard vs DexGuard
ProGuard vs DexGuard
 
Python For Droid
Python For DroidPython For Droid
Python For Droid
 
Python Final
Python FinalPython Final
Python Final
 
Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610Safe Code Software Integrity Controls0610
Safe Code Software Integrity Controls0610
 
Framework for Safety Critical System Software
Framework for Safety Critical System SoftwareFramework for Safety Critical System Software
Framework for Safety Critical System Software
 
Dupressoir
DupressoirDupressoir
Dupressoir
 
Secure Application Development Training
Secure Application Development TrainingSecure Application Development Training
Secure Application Development Training
 
Mudassar_Yash Technologies AB_CV
Mudassar_Yash Technologies AB_CVMudassar_Yash Technologies AB_CV
Mudassar_Yash Technologies AB_CV
 
Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101Secure JEE Architecture and Programming 101
Secure JEE Architecture and Programming 101
 
First Steps in Android
First Steps in AndroidFirst Steps in Android
First Steps in Android
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 

Viewers also liked

Compensation and benefits manager certification
Compensation and benefits manager certificationCompensation and benefits manager certification
Compensation and benefits manager certificationVskills
 
Financial Risk management Certification
Financial Risk management CertificationFinancial Risk management Certification
Financial Risk management CertificationVskills
 
Vskills Certified Brand Manager
Vskills Certified Brand ManagerVskills Certified Brand Manager
Vskills Certified Brand ManagerVskills
 
SEO Certification
SEO CertificationSEO Certification
SEO CertificationVskills
 
fitness instructor certification
fitness instructor certificationfitness instructor certification
fitness instructor certificationVskills
 
services marketing manager certification
services marketing manager certificationservices marketing manager certification
services marketing manager certificationVskills
 
SVG Certification
SVG CertificationSVG Certification
SVG CertificationVskills
 
Selenium Certification
Selenium CertificationSelenium Certification
Selenium CertificationVskills
 
gaap accounting standards Certification
gaap accounting standards Certificationgaap accounting standards Certification
gaap accounting standards CertificationVskills
 

Viewers also liked (9)

Compensation and benefits manager certification
Compensation and benefits manager certificationCompensation and benefits manager certification
Compensation and benefits manager certification
 
Financial Risk management Certification
Financial Risk management CertificationFinancial Risk management Certification
Financial Risk management Certification
 
Vskills Certified Brand Manager
Vskills Certified Brand ManagerVskills Certified Brand Manager
Vskills Certified Brand Manager
 
SEO Certification
SEO CertificationSEO Certification
SEO Certification
 
fitness instructor certification
fitness instructor certificationfitness instructor certification
fitness instructor certification
 
services marketing manager certification
services marketing manager certificationservices marketing manager certification
services marketing manager certification
 
SVG Certification
SVG CertificationSVG Certification
SVG Certification
 
Selenium Certification
Selenium CertificationSelenium Certification
Selenium Certification
 
gaap accounting standards Certification
gaap accounting standards Certificationgaap accounting standards Certification
gaap accounting standards Certification
 

Similar to Software Security Certification

Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security CertificationVskills
 
EC-Council secure programmer. net
EC-Council secure programmer. netEC-Council secure programmer. net
EC-Council secure programmer. netBOOSTurSKILLS
 
EC-Council Secure Programmer Java
EC-Council Secure Programmer JavaEC-Council Secure Programmer Java
EC-Council Secure Programmer JavaBOOSTurSKILLS
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Certifications in IT fields
Certifications in IT fieldsCertifications in IT fields
Certifications in IT fieldsankur bhalla
 
"Exploring the Diverse World of CCNP Certifications" .pdf
"Exploring the Diverse World of CCNP Certifications" .pdf"Exploring the Diverse World of CCNP Certifications" .pdf
"Exploring the Diverse World of CCNP Certifications" .pdfarjunnegi34
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Tech
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahNSConclave
 
Efficient Securing System Using Graphical Captcha
Efficient Securing System Using Graphical Captcha Efficient Securing System Using Graphical Captcha
Efficient Securing System Using Graphical CaptchaSankar Anand
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaHamilton Oliveira
 

Similar to Software Security Certification (20)

Network Security Certification
Network Security CertificationNetwork Security Certification
Network Security Certification
 
EC-Council secure programmer. net
EC-Council secure programmer. netEC-Council secure programmer. net
EC-Council secure programmer. net
 
EC-Council Secure Programmer Java
EC-Council Secure Programmer JavaEC-Council Secure Programmer Java
EC-Council Secure Programmer Java
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
Manoj Kumar_CA
Manoj Kumar_CAManoj Kumar_CA
Manoj Kumar_CA
 
Owasp masvs spain 17
Owasp masvs spain 17Owasp masvs spain 17
Owasp masvs spain 17
 
Certifications in IT fields
Certifications in IT fieldsCertifications in IT fields
Certifications in IT fields
 
"Exploring the Diverse World of CCNP Certifications" .pdf
"Exploring the Diverse World of CCNP Certifications" .pdf"Exploring the Diverse World of CCNP Certifications" .pdf
"Exploring the Diverse World of CCNP Certifications" .pdf
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
Pattern For Ws Security
Pattern For Ws SecurityPattern For Ws Security
Pattern For Ws Security
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
 
Muthu_Karthick_Sudhan
Muthu_Karthick_SudhanMuthu_Karthick_Sudhan
Muthu_Karthick_Sudhan
 
VSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service ProfileVSEC Sourcecode Review Service Profile
VSEC Sourcecode Review Service Profile
 
Secure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailSecure DevOps: A Puma's Tail
Secure DevOps: A Puma's Tail
 
Efficient Securing System Using Graphical Captcha
Efficient Securing System Using Graphical Captcha Efficient Securing System Using Graphical Captcha
Efficient Securing System Using Graphical Captcha
 
Profile_Ahmad2
Profile_Ahmad2Profile_Ahmad2
Profile_Ahmad2
 
Plataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação CibernéticaPlataforma de Operação e Simulação Cibernética
Plataforma de Operação e Simulação Cibernética
 

More from Vskills

Vskills certified administrative support professional sample material
Vskills certified administrative support professional sample materialVskills certified administrative support professional sample material
Vskills certified administrative support professional sample materialVskills
 
vskills customer service professional sample material
vskills customer service professional sample materialvskills customer service professional sample material
vskills customer service professional sample materialVskills
 
Vskills certified operations manager sample material
Vskills certified operations manager sample materialVskills certified operations manager sample material
Vskills certified operations manager sample materialVskills
 
Vskills certified six sigma yellow belt sample material
Vskills certified six sigma yellow belt sample materialVskills certified six sigma yellow belt sample material
Vskills certified six sigma yellow belt sample materialVskills
 
Vskills production and operations management sample material
Vskills production and operations management sample materialVskills production and operations management sample material
Vskills production and operations management sample materialVskills
 
vskills leadership skills professional sample material
vskills leadership skills professional sample materialvskills leadership skills professional sample material
vskills leadership skills professional sample materialVskills
 
vskills facility management expert sample material
vskills facility management expert sample materialvskills facility management expert sample material
vskills facility management expert sample materialVskills
 
Vskills international trade and forex professional sample material
Vskills international trade and forex professional sample materialVskills international trade and forex professional sample material
Vskills international trade and forex professional sample materialVskills
 
Vskills production planning and control professional sample material
Vskills production planning and control professional sample materialVskills production planning and control professional sample material
Vskills production planning and control professional sample materialVskills
 
Vskills purchasing and material management professional sample material
Vskills purchasing and material management professional sample materialVskills purchasing and material management professional sample material
Vskills purchasing and material management professional sample materialVskills
 
Vskills manufacturing technology management professional sample material
Vskills manufacturing technology management professional sample materialVskills manufacturing technology management professional sample material
Vskills manufacturing technology management professional sample materialVskills
 
certificate in agile project management sample material
certificate in agile project management sample materialcertificate in agile project management sample material
certificate in agile project management sample materialVskills
 
Vskills angular js sample material
Vskills angular js sample materialVskills angular js sample material
Vskills angular js sample materialVskills
 
Vskills c++ developer sample material
Vskills c++ developer sample materialVskills c++ developer sample material
Vskills c++ developer sample materialVskills
 
Vskills c developer sample material
Vskills c developer sample materialVskills c developer sample material
Vskills c developer sample materialVskills
 
Vskills financial modelling professional sample material
Vskills financial modelling professional sample materialVskills financial modelling professional sample material
Vskills financial modelling professional sample materialVskills
 
Vskills basel iii professional sample material
Vskills basel iii professional sample materialVskills basel iii professional sample material
Vskills basel iii professional sample materialVskills
 
Vskills telecom management professional sample material
Vskills telecom management professional sample materialVskills telecom management professional sample material
Vskills telecom management professional sample materialVskills
 
Vskills retail management professional sample material
Vskills retail management professional sample materialVskills retail management professional sample material
Vskills retail management professional sample materialVskills
 
Vskills contract law analyst sample material
Vskills contract law analyst sample materialVskills contract law analyst sample material
Vskills contract law analyst sample materialVskills
 

More from Vskills (20)

Vskills certified administrative support professional sample material
Vskills certified administrative support professional sample materialVskills certified administrative support professional sample material
Vskills certified administrative support professional sample material
 
vskills customer service professional sample material
vskills customer service professional sample materialvskills customer service professional sample material
vskills customer service professional sample material
 
Vskills certified operations manager sample material
Vskills certified operations manager sample materialVskills certified operations manager sample material
Vskills certified operations manager sample material
 
Vskills certified six sigma yellow belt sample material
Vskills certified six sigma yellow belt sample materialVskills certified six sigma yellow belt sample material
Vskills certified six sigma yellow belt sample material
 
Vskills production and operations management sample material
Vskills production and operations management sample materialVskills production and operations management sample material
Vskills production and operations management sample material
 
vskills leadership skills professional sample material
vskills leadership skills professional sample materialvskills leadership skills professional sample material
vskills leadership skills professional sample material
 
vskills facility management expert sample material
vskills facility management expert sample materialvskills facility management expert sample material
vskills facility management expert sample material
 
Vskills international trade and forex professional sample material
Vskills international trade and forex professional sample materialVskills international trade and forex professional sample material
Vskills international trade and forex professional sample material
 
Vskills production planning and control professional sample material
Vskills production planning and control professional sample materialVskills production planning and control professional sample material
Vskills production planning and control professional sample material
 
Vskills purchasing and material management professional sample material
Vskills purchasing and material management professional sample materialVskills purchasing and material management professional sample material
Vskills purchasing and material management professional sample material
 
Vskills manufacturing technology management professional sample material
Vskills manufacturing technology management professional sample materialVskills manufacturing technology management professional sample material
Vskills manufacturing technology management professional sample material
 
certificate in agile project management sample material
certificate in agile project management sample materialcertificate in agile project management sample material
certificate in agile project management sample material
 
Vskills angular js sample material
Vskills angular js sample materialVskills angular js sample material
Vskills angular js sample material
 
Vskills c++ developer sample material
Vskills c++ developer sample materialVskills c++ developer sample material
Vskills c++ developer sample material
 
Vskills c developer sample material
Vskills c developer sample materialVskills c developer sample material
Vskills c developer sample material
 
Vskills financial modelling professional sample material
Vskills financial modelling professional sample materialVskills financial modelling professional sample material
Vskills financial modelling professional sample material
 
Vskills basel iii professional sample material
Vskills basel iii professional sample materialVskills basel iii professional sample material
Vskills basel iii professional sample material
 
Vskills telecom management professional sample material
Vskills telecom management professional sample materialVskills telecom management professional sample material
Vskills telecom management professional sample material
 
Vskills retail management professional sample material
Vskills retail management professional sample materialVskills retail management professional sample material
Vskills retail management professional sample material
 
Vskills contract law analyst sample material
Vskills contract law analyst sample materialVskills contract law analyst sample material
Vskills contract law analyst sample material
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Software Security Certification

  • 2. Certified Software Security Professional www.vskills.in CCCCertifiedertifiedertifiedertified Software Security ProfessionalSoftware Security ProfessionalSoftware Security ProfessionalSoftware Security Professional Certification CodeCertification CodeCertification CodeCertification Code VS-1086 Vskills certification for Software Security Professional assesses the candidate for a company’s secured software development needs. The certification tests the candidates on various areas in software security which includes knowledge of various types of security attacks and countermeasures on programming language (C/C++, Java and .Net), web applications, web services, SOA-based application, and mobile applications and tools used. Why should one take this certification?Why should one take this certification?Why should one take this certification?Why should one take this certification? This Course is intended for professionals and graduates wanting to excel in their chosen areas. It is also well suited for those who are already working and would like to take certification for further career progression. Earning Vskills Software Security Professional Certification can help candidate differentiate in today's competitive job market, broaden their employment opportunities by displaying their advanced skills, and result in higher earning potential. Who will benefit from taking this certification?Who will benefit from taking this certification?Who will benefit from taking this certification?Who will benefit from taking this certification? Job seekers looking to find employment in IT or software development department of various software development companies in public or private sector, students generally wanting to improve their skill set and make their CV stronger and existing employees looking for a better role can prove their employers the value of their skills through this certification Test DetailsTest DetailsTest DetailsTest Details • Duration:Duration:Duration:Duration: 60 minutes • No. of questions:No. of questions:No. of questions:No. of questions: 50 • Maximum marks:Maximum marks:Maximum marks:Maximum marks: 50, Passing marks: 25 (50%) There is no negative marking in this module. Fee StructureFee StructureFee StructureFee Structure Rs. 4,000/- (Includes all taxes) Companies that hire Vskills CertifiedCompanies that hire Vskills CertifiedCompanies that hire Vskills CertifiedCompanies that hire Vskills Certified Software Security ProfessionalSoftware Security ProfessionalSoftware Security ProfessionalSoftware Security Professional Software security professionals are in great demand. Companies specializing in development and testing of software are constantly hiring knowledgeable software security professionals.
  • 3. Certified Software Security Professional www.vskills.in Table of Contents 1.1.1.1. IntroductionIntroductionIntroductionIntroduction 1.1 Digital assets 1.2 Need for computer security 1.3 Risk and vulnerabilities 2.2.2.2. AttacksAttacksAttacksAttacks,,,, Security andSecurity andSecurity andSecurity and MeasuresMeasuresMeasuresMeasures 2.1 Evolution and attack types 2.2 Attack tools 2.3 Security levels 2.4 Security Standards 3.3.3.3. Secured Software CycleSecured Software CycleSecured Software CycleSecured Software Cycle 3.1 Security Lifecycle 3.2 Security Requirements 3.3 Security use cases and modeling 3.4 Security Design and authentication 3.5 Secured coding techniques and review 3.6 Security testing and remediation 4.4.4.4. C/C+ programmingC/C+ programmingC/C+ programmingC/C+ programming 4.1 UNIX/Linux and C/C++ evolution 4.2 Attack types and countermeasures in C/C++ 4.3 UNIX security and privileges 4.4 UNIX network programming 5.5.5.5. WindowsWindowsWindowsWindows programmingprogrammingprogrammingprogramming 5.1 Windows Security 5.2 .Net components and runtime security 5.3 .Net security design 5.4 Identity, principal and permission 5.5 Security techniques (type safety, role based and code access) 5.6 ASP.NET and remoting security 6.6.6.6. Java programmingJava programmingJava programmingJava programming 6.1 Java architecture and platform security 6.2 Cryptography API and secure sockets 6.3 JSSE and Java sandbox 6.4 Applets and swing security 7.7.7.7. SOASOASOASOA----based securitybased securitybased securitybased security 7.1 TCP/IP protocols and socket security 7.2 SOA basics and challenges
  • 4. Certified Software Security Professional www.vskills.in 7.3 RPC and RMI security 7.4 DCOM and ActiveX security 8.8.8.8. Web ApplicationsWeb ApplicationsWeb ApplicationsWeb Applications SecuritySecuritySecuritySecurity 8.1 Web security concepts 8.2 Identity management techniques 8.3 PKI and future 8.4 Attack techniques (code injection and parameter passing) 8.5 Emerging attack types and AVDL 9.9.9.9. Securing MobileSecuring MobileSecuring MobileSecuring Mobile 9.1 Mobile computing architecture and networks 9.2 NGN concepts and security 9.3 J2ME, Java card and USIM security 9.4 Securing WAP, mobile agents and mobile networks 9.5 Windows mobile security 10.10.10.10. Advance Java SecurityAdvance Java SecurityAdvance Java SecurityAdvance Java Security 10.1 Servlet Security 10.2 Securing JSP, Java struts, JSF and EJB 11.11.11.11. AdvanceAdvanceAdvanceAdvance Web ServicesWeb ServicesWeb ServicesWeb Services 11.1 Web service security model and standards 11.2 XML attacks and SSL usage 11.3 OFX and IFX
  • 5. Certified Software Security Professional www.vskills.in Course OutlineCourse OutlineCourse OutlineCourse Outline IntroductionIntroductionIntroductionIntroduction Understanding the relevance and identification of digital assets Illustrating the need for computer security in an organization Describing the concept of risk and vulnerabilities as applied to security paradigm AttacksAttacksAttacksAttacks,,,, Security andSecurity andSecurity andSecurity and MeasuresMeasuresMeasuresMeasures Detailing the evolution and different types of security attacks like spoofing, DoS, etc. Enlisting the various attack tools like ethereal, tcpdump, etc. Explaining security at various levels like database, network, computer, etc. Describing the different security standards and bodies like NIST, OWASP, etc. Secured Software CycleSecured Software CycleSecured Software CycleSecured Software Cycle Illustrating the concept of security lifecycle which includes various phases of security requirements, security use cases and modeling, security design and authentication, secured coding techniques and review and the concluding phase of lifecycle, security testing and remediation C/C+ programmingC/C+ programmingC/C+ programmingC/C+ programming Describing the evolution of C/C++ and their growth with UNIX or Linux Understanding the different types of attack and countermeasures in C/C++ Explaining the concept of UNIX security and privileges for maintaining security Detailing the techniques for security implementation in UNIX network programs Windows programmingWindows programmingWindows programmingWindows programming Illustrating the windows security architecture for windows operating system Describing the various components of .Net technology stack of Microsoft and implementation of .Net runtime security and the .Net security design Explaining the concept of identity, principal and permission in .Net Detailing the various security techniques as type safety, role based, code access, etc. Understanding the concept of ASP.NET for web application and remoting security Java programmingJava programmingJava programmingJava programming Describing the basics of Java architecture and it’s platform security Illustrating the usage of cryptography API for secured sockets Explaining JSSE for non-secured sockets and Java sandbox for secured environment Detailing the various methods for applets and swing security SOASOASOASOA----based securitybased securitybased securitybased security Understanding the TCP/IP protocols and socket security associated with them Describing the basics and security challenges for service oriented architecture Detailing the security techniques for remote procedure call (RPC), remote method Invocation (RMI), distributed COM (DCOM) and ActiveX technology
  • 6. Certified Software Security Professional www.vskills.in Web ApplicationsWeb ApplicationsWeb ApplicationsWeb Applications SecuritySecuritySecuritySecurity Explaining the concepts of web security and various techniques for identity management for web applications Understanding basics of public key infrastructure (PKI) and emerging technologies Describing the various attack techniques like code injection and parameter passing Detailing the new attack types like JSON pair injection, JS array poisoning, etc. and the concept of application vulnerability description language (AVDL) for countering Securing MobileSecuring MobileSecuring MobileSecuring Mobile Understanding the architecture of mobile computing and concept of mobile networks Describing the basics of next generation networks (NGN) and security architecture Illustrating the various security techniques for J2ME, Java card and USIM Detailing the process to secure WAP, mobile agents and mobile networks Explaining the implementation of security to windows OS based mobiles Advance Java SecurityAdvance Java SecurityAdvance Java SecurityAdvance Java Security Illustrating the different techniques for servlet security Describing the process to secure JSP, Java struts, JSF and EJB AdvanceAdvanceAdvanceAdvance Web ServicesWeb ServicesWeb ServicesWeb Services Understanding the different web service security model like WS-security, P2P security, etc. and the concept of web service security standards Explaining the various types of XML attacks and usage of SSL for web services Describing the financial transaction security as implemented by open financial exchange (OFX) and interactive financial exchange (IFX)
  • 7. Certified Software Security Professional www.vskills.in Sample QuestionsSample QuestionsSample QuestionsSample Questions 1.1.1.1. TheTheTheThe term AJAX refers toterm AJAX refers toterm AJAX refers toterm AJAX refers to _____________._____________._____________._____________. A. Asynchronous JavaSwing and XML B. Asynchronous JavaScript and XML C. Asynchronous Java and XML D. None of the above 2222. T. T. T. Thehehehe namenamenamename of an openof an openof an openof an open----source IDsource IDsource IDsource ID isisisis _____________._____________._____________._____________. A. Ethereal B. Snort C. TcpDump D. None of the above 3333. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over. Usually, TLS provides data communication security over _____________._____________._____________._____________. A. Remote network B. Private networks C. Public networks D. None of the above 4444.... TheTheTheThe term AES expands toterm AES expands toterm AES expands toterm AES expands to _____________._____________._____________._____________. A. Advanced encryption specification B. Advanced encryption standard C. Advanced encoding standard D. None of the above 5555. The. The. The. The methodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling ismethodology used by Microsoft for threat modeling is _____________._____________._____________._____________. A. STRIDE B. COMPASS C. RENUN D. None of the above Answers: 1 (B), 2 (B), 3 (C), 4 (A), 5 (A)