Final Exam: Secure Programmer will test your knowledge and application of the topics presented throughout the Secure Programmer track of the Skillsoft Aspire Programmer to Secure Agile Programmer Journey.
apply C# secure coding to combat common code vulnerabilities
apply JavaScript secure coding to combat SQL Injection Vulnerability
code against buffer overflow attacks in C#
code against buffer overflow attacks in Java
code against buffer overflow attacks in Java - part 2
code against buffer overflow attacks in Java - part 3
code against buffer overflow attacks in JavaScript
code against buffer overflow attacks in Python
code against cross-site scripting attacks in C#
code against cross-site scripting attacks in Java
code against cross-site scripting attacks in JavaScript
code against cross-site scripting attacks in JavaScript - part 2
code against cross-site scripting attacks in Python
code against format string attacks in C#
code against format string attacks in Java
code against format string attacks in Python
code against password cracking attacks in JavaScript
code against password cracking attacks in JavaScript - part 2
code against SQL injection attacks in C#
code against SQL injection attacks in C# - part 2
code against SQL injection attacks in Java
code against SQL injection attacks in Java - part 2
code against SQL injection attacks in JavaScript
code against SQL injection attacks in Python
code against SQL injection attacks in Python - part 2
describe and be able to avoid common programming errors that can undermine security
describe and use CVE vulnerability scoring
describe and use threat models including STRIDE, PASTA, DREAD, and SQUARE
describe asymmetric algorithms including RSA, ECC, and Diffie-Hellman
describe authentication and authorization, including models such as DAC, MAC, RBAC, and ABAC
describe hashing algorithms such as MD5 and SHA as well as MAC and HMAC
describe OWASP Top 10 vulnerabilities
describe OWASP Top 10 vulnerabilities including broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection
describe OWASP Top 10 vulnerabilities including cross-site request forgery, using components with known vulnerabilities, and underprotected APIs
describe OWASP Top 10 vulnerabilities including SQL injection, broken authentication, and cross-site scripting
describe secure programming verification and validation process and techniques
describe security concepts, including the CIA triangle, least privilege, and separation of duties
describe specific security vulnerabilities and recognize how to program counter techniques
describe symmetric algorithms including AES, Blowfish, and Serpent
describe the resiliency concepts such as stability, recovery, and defensive coding
identify OWASP Top 10 vulnerabilities including broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection
identify OWASP Top 10 vulnerabilities including cross-site request forgery, using components with known vulnerabilities, and underprotected APIs
identify security concepts, including the CIA triangle, least privilege, and separation of duties
identify symmetric algorithms including AES, Blowfish, and Serpent
identify the resiliency concepts such as stability, recovery, and defensive coding
implement C# secure coding to combat common code vulnerabilities
implement JavaScript secure coding to combat Cross-Site Scripting attacks
implement JavaScript secure coding to combat SQL Injection Vulnerability
implement Java secure coding to combat SQL Injection Vulnerability
implement Python secure coding to combat a variety of security vulnerabilities
recognize OWASP Top 10 vulnerabilities including broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection
recognize specific security vulnerabilities and recognize how to program counter techniques
use CVSS scoring for vulnerabilities
use OWASP ZAP vulnerability scanner to test web sites for common vulnerabilities
use Vega Vulnerability Scanner to test web sites for common vulnerabilities