Global Information Assurance - Python Coder Certification

Description

A professional that can create and modify custom tools is a valuable member of any information security team. Code developers with information security skills can customize tools to their environment, create tools for the information security community, increase productivity by automating previously manual tasks, simulate advanced attacks, and more. The GPYC certification focuses on applying core programming concepts and techniques to the Python programming language. The certification has a special focus on skills and techniques that will assist an information security professional in penetration tests, daily work, and special projects. Certified individuals can create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

Target

The GPYC is targeted toward penetration testers and information security professionals who want to use the Python programming language to enhance their effectiveness during information security engagements or projects. It is also helpful to experienced Python developers who want to build additional information security skills.

Successful GPYC candidates will demonstrate an understanding of core programming concepts, and the ability to write and analyze working code using the Python programming language. They will be familiar with several common Python libraries, and be able to use that functionality in their programs. Successful candidates can also apply their skills to information security tasks, like creating custom tools, collecting information about a system or network, interacting with websites and databases, and automating testing.

No Specific training is required for GPYC. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. 

The topic areas for each exam part follow:

1. Control Structures and Iteration: The candidate will be able to create and analyze simple control structures, including conditionals (if/else/elif) and for/while loops using Python.
2. Creation of Executables: The candidate will have a basic understanding of creating a Python executable for Windows clients with a focus on penetration testing. This includes an understanding of backdoor functionality, the conversion of a Python program to an executable file, and the use of Veil and Metasploit to create an executable.
3. Data Analysis with Python: The candidate will demonstrate the ability to use Python for various data analysis techniques including parsing binary data with the struct module, common file formats, log analysis and statistics with freq.py, counters and sets, long tail and short-tail analysis.
4. Data Structures: The candidate will be able to create and manipulate variable types and data structures, including integers, strings, and sequential data structures, including dictionaries, lists, and tuples.
5. Database Interaction: The candidate will understand how to create a Python program to interact with SQL activity on a webpage, and optimize performance on injection attacks.
6. Exception Handling: The candidate will have a basic understanding of Python exception handling capabilities, and how to build these into a program.
7. Functions, Classes and Objects: The candidate will be able to demonstrate an understanding of Python functions, classes, and object oriented programming.
8. Network Interfaces: The candidate will be able to implement TCP/UDP network based communications using Pythons socket module.
9. Packet Analysis with Python: The candidate will understand how to use extended functionality of Python and Scapy to create, read, analyze, and manipulate captured network traffic.
10. Python Basics: The candidate will be able to implement the more fundamental elements of Python, including creating, debugging and executing a program, and user/file input and output.
11. Regular Expressions: The candidate will have a basic understanding of regular expressions, and how to implement them in searches with Python.
12. Website Interaction: The candidate will understand how to use Python as a "browser" to interact with URLs and websites, handle cookies, and manipulate or capture traffic.