Certified Secure Developer

About This Course

A recent study compared the cost of implementing security in applications at various stages of the development life cycle. Some of the interesting findings from that study include:

  • Adding security during coding costs 6.5 times more than architecting it during the upfront software design process
  • Implementing security after deployment costs 15 times more than architecting it during the upfront software design process
  • Fixing security holes after deployment costs 100 times more than architecting it during the upfront software design process
  • On average, every 1,000 lines of code has at least 5 to 15 defects (United States Department of Defense and the Software Engineering Institute).

Developers want to write secure code; they just don't know how. This course transforms a developer into a secure developer irrespective of the language they use.

Course Duration:

3 Days

Module 1: Web Application – Security Basics

  • What is Security?
  • What is Secure Coding?
  • Why are Anti-virus, Firewall, IPS and IDS not enough to stop application hacking?
  • Why do you need a Web Application Firewall?
  • Protocol Basics of HTTP and HTTPS
  • What is a Stateless protocol?
  • Why Cookies and/or Sessions are an integral part of web applications?
  • What is a Web Server?
  • Database and its language basics
  • Issues in the protocol structures of web
  • A Holistic approach to Security
  • Secure the Network, Host & Application
  • Threat Modelling: STRIDE and DREAD
  • RACI Matrix
  • Web Services

Module 2: Principles of Secure Development

The 8 Principles of Secure Development are the basic foundation blocks of secure programming. These 8 principles are generally not followed during the software development process, resulting in applications with many vulnerabilities that are easily exploited by hackers/intruders.

  • Input Validation
  • Output Validation
  • Error Handling
  • Authentication and Authorization
  • Session Management
  • Secure Communications
  • Secure Storage
  • Secure Resource Access

Module 3: OWASP & SANS Top Web Application Vulnerabilities – Attacks & Defenses

Attacks with Hands-on Labs on:

  • SQL Injection
  • Cross Site Scripting
  • Cross Site Request Forgery
  • LDAP Injection
  • Command Injection
  • Parameter/Form Tampering
  • Payment Gateway hacking
  • Improper Error Handling
  • Unvalidated Input
  • Directory Traversal
  • Cookie Poisoning
  • Insecure Storage
  • Information Leakage
  • Broken Account Management
  • Denial of Service
  • Buffer Overflow
  • Log Tampering
  • Broken Access Control
  • Broken Session Management
  • Session Fixation
  • Security Misconfiguration
  • File Upload and Download, and many more

Module 4: Application Security Testing

  • Automatic and Manual Vulnerability Scanning with w3af, Wapiti, Nikto, Burp Suite
  • Vulnerability Scanning with Acunetix & Other Commercial Scanners
  • Vulnerability Scanning with NeXpose Community
  • SSL Strip & Man-in-the-Middle Attacks
  • Password Cracking
  • HTTP DoS
  • Automated and Manual Exploitation of Web Vulnerabilities using tons of Scripts
  • Vulnerability Assessment reporting with Remediations and Mitigations

Certified Secure Developer (CSD)

The CSD examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that is necessary for an Information Security Professional. Candidates will be tested via a combination of either continual assessment (CA), multiple choice questions (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CSD examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.

Free Add-on: Free Membership access to KALAM Cybersecurity Collaboration & Community Skills Validation Platform

Certified Secure Developer (CSD)

Exam Platform: KALAM

Exam Format: Multiple Choice Question (MCQ)

Exam Questions: 50 Questions

Exam Duration: 120 Minutes

Exam Pass Mark: 70%

Exam Fees: Inclusive in the Course Fees

Truly Inspiring & well-conducted

I gained various technical skills that now assist me in my day-to-day job in the cybersecurity field.

Hands-on Labs with latest tools

Very beneficial as the course taught me security from hackers' perspective and learnt how to defend

Trainer was patient and knowledgeable

Taking this course was a stepping stone and I'm very pleased with the learning based on latest attacks and vulnerabilities

Frequently Asked Questions

What is the prerequisite for this course?
Current and Future Software Developers

Where can I get the Course Schedule?
Reach out to us via our Contact Us page with details of your location and the course you are interested in. We will find the nearest training partner to assist you with an F2F / online class.

Is it necessary to take the exam on the 5th day?
The exam voucher is valid for 6 months; you can take the exam within 6 months of your course date. We recommend that you take the exam at the earliest.

With this 5-day course, will I become a professional?
A professional in 5 days is just a marketing gimmick. We get you started with the right knowledge and assist you through the process of achieving professionalism after the class with mentoring and guidance through our Community Ecosystem platform, KALAM.