The GIAC Secure Software Programmers certification allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common programming errors that lead to most security problems.
GIAC Certified secure software programmers (GSSP) have the knowledge, skills, and abilities to write secure code and recognize security shortcomings in existing code.
Preparing for the GSSP-JAVA Exam: Candidates may choose to prepare for the GSSP-JAVA exam by taking the SANS Training Course: DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
*No Specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*
NOTE:
GIAC reserves the right to change the specifications for each certification without notice. The GSSP-Java changed from a 150 question format to a 75 question format exam with a passing point of 73.3% for all candidates receiving access to their certification attempts on or after 12/22/10. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.
Certifications must be renewed every 4 years. Click here for details.
NOTE: GIAC exams are NOT given the day after the conference ends.
Exams are delivered online through a standard web browser. For exams purchased with SANS training, access to the exam will be available 7-10 days following the end of the conference. Standalone challenge exams are issued within 24 hours upon receipt of payment. You will receive an email from GIAC when your exam has been issued to your portal account. You have 120 days to complete the exam from the time we send notice that it is available. The exams are proctored and should be scheduled using our proctored exam procedure.
Exam Certification Objectives | Certification Objective Outcome Statement |
---|---|
Application Faults & Logging | The candidate will understand how to properly handle expected and unexpected application faults |
Authentication | The candidate will understand the importance of implementing secure authentication controls |
Authorization | The candidate will understand the importance of implementing secure authorization controls |
Common Web Application Attacks | The candidate will demonstrate an understanding of common web application attacks and vulnerabilities. |
Data Validation | The candidate will understand how data validation can be used to prevent common vulnerabilities |
Encryption | The candidate will understand how to use Java APIs to encrypt data in transit and data at rest |
Java Language and Platform Security | The candidate will understand the security implications of language and platform features built in to Java |
Secure SDLC | The candidate will demonstrate an understanding of how to perform security activities as part of the SDLC |
Session Management | The candidate will understand the importance of secure session management controls |
Training is available from a variety of resources including on line, course attendance at a live conference, and self study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at www.giac.org/about/procedures/grievance.
Logging and Monitoring to Detect Network Intrusions and Compliance Violations in the Environment
By Sunil Gupta | GCIA | 7008
Using and Configuring Security Onion to detect and prevent Web Application Attacks
By Ashley Deuble | GCIA | 7994
Attributes of Malicious Files
By Joel Yonts | GCIH | 7194
Small Business: The New Target What can they Do?
By Robert Comella | GCIA | 5138
View More Papers »
GIAC is seeking SME's for our Windows Security Admin job tas [...]
August 31, 2012 - 6:48 PM
GIAC is seeking SMEs for 2012 Forensic Analyst (GCFA) job ta [...]
March 7, 2012 - 3:07 PM
This week's featured question is from our Forensics Analyst [...]
December 27, 2011 - 6:18 PM
Christiaan Ehlers | GWAPT | 3648
Valerie Feehan | GCFW | 3805
Tim Kitchens | GREM | 3386
View More Professionals »
Phone: 301-654-7267
Mon-Fri 9am-8pm EST/EDT
Questions: info@giac.org
More »