Target
Individuals who are responsible for coding secure software applications, identifying shortfalls in the security knowledge of other programmers, ensuring other programmers have adequate secure coding skills, and advanced secure programming skills.
The GIAC Secure Software Programmers certification allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common programming errors that lead to most security problems.
GIAC Certified secure software programmers (GSSP) have the knowledge, skills, and abilities to write secure code and recognize security shortcomings in existing code.
Course
Preparing for the GSSP-JAVA Exam: Candidates may choose to prepare for the GSSP-JAVA exam by taking the SANS Training Course: DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
*No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*
Requirements
- 1Proctored exam
- 75 questions
- Time limit of 3 hours
- Minimum Passing Score of 73.3%
NOTE:
GIAC reserves the right to change the specifications for each certification without notice. The GSSP-Java changed from a 150 question format to a 75 question format exam with a passing point of 73.3% for all candidates receiving access to their certification attempts on or after 12/22/10. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.
Renew
Certifications must be renewed every 4 years. Click here for details.
Delivery
NOTE: GIAC exams are NOT given the day after the conference ends.
Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Standalone challenge exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.
Links
- Certified Professionals (GSSP-JAVA)
- Recertification
- Exam Feedback Procedure
- Grievance Procedure
- Proctored exam procedure
- SANS Information Security Reading Room
Bulletin (Part 2 of Candidate Handbook)
The topic areas for each exam part follow:
| Exam Certification Objectives | Certification Objective Outcome Statement |
|---|---|
| Application Faults & Logging | The candidate will understand how to properly handle expected and unexpected application faults |
| Authentication | The candidate will understand the importance of implementing secure authentication controls |
| Authorization | The candidate will understand the importance of implementing secure authorization controls |
| Common Web Application Attacks | The candidate will demonstrate an understanding of common web application attacks and vulnerabilities. |
| Data Validation | The candidate will understand how data validation can be used to prevent common vulnerabilities |
| Encryption | The candidate will understand how to use Java APIs to encrypt data in transit and data at rest |
| Java Language and Platform Security | The candidate will understand the security implications of language and platform features built in to Java |
| Secure SDLC | The candidate will demonstrate an understanding of how to perform security activities as part of the SDLC |
| Session Management | The candidate will understand the importance of secure session management controls |
Where to Get Help
Training is available from a variety of resources including on line, course attendance at a live conference, and self study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.
No comments:
Post a Comment