c-sap (Certified Secure Application Programmer)

Course Description

c-sap, the Secure Application Programmer Certification Program, is intended to teach the fundamental techniques of secure programming to designers, programmers, application developers, system administrators and auditors, and to give them hands-on experience with the mandatory controls and measures.

Who Should Attend

Designers, programmers, software developers, system administrators and auditors

The training offers the following benefits, to organizations in the case of a customized program and to individual participants in the case of open-enrolment training:

For organizations:

  • An overview of the methods for auditing security issues, and their solutions, across all software development phases from design to implementation,
  • Knowledge of and experience with attacks on software and applications, and with the tools and technical methods used to carry them out,
  • The know-how to reformulate information security criteria, for organizations that are advanced in standardization and auditing.

For Programmers and Application Developers:

  • Recognize the nature and techniques of attacks that threaten software security, and the vulnerabilities these attacks rely on, from design through coding,
  • Learn to develop secure software and applications, and examine programming languages and applications from a security perspective,
  • Gain experience with the attack techniques in use and their countermeasures; learn how to adopt security measures in software without degrading availability,
  • Improve competitiveness as a secure-software professional.

For IT Auditors:

  • Become familiar with general hacking techniques relevant to information security; gain an overview of the methods for auditing the security issues that software is exposed to during the design and introduction phases, and their solutions,
  • Gain the know-how to audit whether software and its input conditions conform to the specified security rules,
  • Learn the security audit points and methods for different kinds of applications.

For IT Software Project Leaders:

  • Learn how software is assessed with respect to security during the project development phase,
  • Gain the knowledge to audit whether a design conforms to the specified security conditions,
  • Become familiar with the security vulnerabilities and control points of different languages and applications,
  • Learn the methods for continuous auditing of common security vulnerabilities.

Those who succeed in the seminar and the exam given at the end are entitled to receive c-sap certification.

Professionals holding the c-sap certificate are qualified to participate in the following advanced c-sap training and certification programs and to further their mastery:

  • Certified Secure Microsoft .net Application Programmer (c-sap/.net)
  • Certified Secure C++ Application Programmer (c-sap/c++)
  • Certified Secure Java Application Programmer (c-sap/java)
  • Certified Secure Application Auditor (c-sap/auditor)

Training Outline

  • Basic Security
  • GTE Concept
  • Secure system/solution design
  • Key Application Security Elements
    • Authentication
    • Access Control
    • Session Management
    • Data Protection
    • Input Validation
  • Common security errors
    • Reasons for these errors
    • Broken Access Control
    • Broken Account and Session Management
    • Error Handling Problems
    • Insecure use of Cryptography
    • Remote Administration Flaws
    • Web and Application Server Misconfiguration
    • Unnecessary and Malicious Code
    • Poor Logging
    • Caching, Pooling and Reuse Errors
    • Others
  • Application attack methods, errors and solutions
    • XSS
    • SQL Injection/Code Injection
    • Buffer/Stack/.. Overrun/Overflows
    • Social Engineering
    • Session Hijacking/Session Replay
    • Other methods
  • Database design for secure application development
  • Application development methods and security (MSF, CMMI, …)
  • Cryptography Use
    • Encryption
    • Hashing
    • Digital Signatures
    • Certificates and PKI
  • Web-based Application Security Audit
    • Tools
  • Reporting
  • c-sap Certification Exam

Training Duration

3.5 days (including a half-day exam)