Global Secure Software Programmer .NET

ndividuals who are responsible for coding secure software applications using .NET, identifying shortfalls in the security knowledge of other programmers, ensuring other programmers have adequate secure coding skills, and advanced secure programming skills.

The Global Secure Software Programmers certification allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common programming errors that lead to most security problems.

Global Certified secure software programmers (GSSP) have the knowledge, skills, and abilities to write secure code and recognize security shortcomings in existing code.

The topic areas for each exam part follow:

1. .NET Authentication: The candidate will demonstrate an ability to implement secure authentication and controls in a .NET environment, as well as understanding common vulnerabilities.
2. .NET Authorization: The candidate will demonstrate an ability to implement secure authorization in a .NET environment, as well as understanding common vulnerabilities.
3. .NET Data Validation: The candidate will demonstrate understanding of how to secure input and output using common data validation techniques.
4. .NET Encryption: The candidate will demonstrate understanding of .NET encryption methods and algorithms as well as how to properly encrypt sensitive information in transit and at rest.
5. .NET Exception handling and logging: The candidate will demonstrate an understanding of the principles behind logging security-relevant events,configuration of error pages, and how to appropriately handle exceptions.
6. .NET Framework Security: The candidate will demonstrate an understanding of the security implications of language and platform features built in to the .NET Framework.
7. .NET Session Management: The candidate will demonstrate understanding of secure server-side and client-side session management controls, as well as common vulnerabilities and attacks.
8. Common Web and .NET Application Attacks: The candidate will demonstrate an understanding of common web and .NET application vulnerabilities and attacks, including parameter manipulation, injection attacks, and overflows.
9. Secure SDLC: The candidate will demonstrate an understanding of how to perform security activities, including threat modeling, as part of the systems development lifecycle (SDLC).