CertNexus Cyber Secure Coder: Certification, exam and training details
If you peel back the layers of some of your favorite business and personal applications, you will see thousands, if not millions, of lines of code.
Unfortunately, malicious actors only need to find one vulnerable line in the right place to gain unauthorized access to the application or to manipulate the software’s behavior. While software developers do everything they can to prevent buggy code or lines revealing custom configurations that can be used for exploitation, often, that is not enough.
According to one 2019 study by Edgescan, 19% of all vulnerabilities reported that year occurred at the code level. However, another report from the Enterprise Strategy Group found that nearly one in three application security professionals regularly do not have the right tools to identify and mitigate the risks to the code that comprises their software.
In recognition of this rather large attack surface, certification programs have sought to provide new and established IT professionals with the skills and knowledge needed to bolster their software security.
One program in particular, the CertNexus Cyber Secure Coder, has been doing just that since 2017 and was updated with a new version in 2020.
Overview of certification
According to CertNexus, the Cyber Secure Coder (CSC) certification proves that an IT professional has “the knowledge, skills and abilities to design and develop a variety of applications for various platforms, analyze security concerns outside of specific languages and platforms, use a number of testing and analysis tools, and mitigate against common threats to data and systems.” This comprehensive exam is programming language and platform agnostic, meaning developers of every style and industry can benefit from the secure coding practices it covers.
The certification was first launched in early 2017 and, after three years, was updated in March 2020 with new content and testing objectives.
More specifically, based on the CertNexus guide, the CSC-210 version of the exam proves to employers and industry peers that an IT professional can:
- Identify the need for security in your software projects.
- Eliminate vulnerabilities within the software.
- Use a security-by-design approach to design a secure architecture for your software.
- Implement standard protections to protect users and data.
- Apply various testing methods to find and correct security defects in your software.
- Maintain deployed software to ensure ongoing security.
Who should get certified?
The CSC aims to promote best practices, tools and skills that support high-quality software, with a particular emphasis on privacy and security.
Therefore, the CSC is an excellent fit for software engineers, programmers, developers and quality engineers across multiple programming languages and platforms who wish to deepen and broaden their knowledge of building protected applications for business use.
Although the CSC exam does not have an application fee or a requirement to send in supporting documentation to prove your past work history or eligibility, CertNexus strongly recommends that candidates have first-hand experience with several key knowledge areas.
According to CertNexus, these recommendations include:
- Developing applications using multiple programming languages and coding environments while following generally accepted coding best practices
- Developing applications for a variety of platforms: web, cloud, mobile and desktop
- Writing and analyzing use cases, technical requirements, specifications and other application documentation
- Working with common tools, such as analysis, debugging, encryption and penetration testing tools
The CSC exam validates that the candidate has the knowledge and skills required to design, develop and test applications, utilizing the OWASP Top Ten best practices as a foundation for understanding the frequency and types of vulnerabilities that have the potential to undermine software security.
This includes identifying plans and strategies for dealing with security and software defects, misconfigurations and the general promotion of secure coding throughout the software development lifecycle (SDLC). In addition, CSC certification holders will be well-versed in using a range of software testing and analysis tools and techniques to mitigate against common threats to data, structures and systems.
According to CertNexus, questions on the exam are distributed according to the following domain areas:
| Domain | Percentage of exam |
|---|---|
| 1.0 Common Secure Application Development Terminology and Concepts | 15% |
| 2.0 Job and Process Responsibilities Related to Secure Application Development | 15% |
| 3.0 Architecture and Design | 18% |
| 4.0 Risk Assessment and Management | 17% |
| 5.0 Application Implementation | 35% |
The CSC exam includes 80 multiple-choice questions, which the candidate has 120 minutes to complete. The exam can be delivered in person at a PearsonVUE test center or online via the Pearson OnVue online proctoring platform.
Candidates need to score at least 70% to pass the exam. There is currently no expiration or renewal time frame in place for those who earn the credential.
How to prepare
In addition to on-the-job experience and time understanding programming best practices across the range of platforms, there are several great resources out there for IT practitioners to use to prepare for the CSC exam.
One of the two most prominent is the Infosec Skills Cyber Secure Learning Path, which covers all CSC exam topics with hands-on activities that help programming students and experienced practitioners alike hone their skills.
Another option is the CertNexus Cyber Secure Coder 3-day course, which CertNexus delivers to authorized providers.
Take the next step in cyber secure coder certification
While no software or application will be completely free of defects, the Cyber Secure Coder certification program gives IT professionals the skills and approaches needed to employ best practices in secure software development to minimize the chances of them occurring and limit the potential negative impacts.
Whether you are new to programming and are looking to establish a strong, secure foundation for creating your first piece of software or you are looking to promote security across your organization’s SDLC, the CertNexus Cyber Secure Coder certification will prove that you have what it takes.
- 2019 Vulnerability Statistics Report, Edgescan
- Cyber Secure Coder, CertNexus
- OWASP Top 10 Web Application Security Risks, OWASP
- Research Highlights: Modern Application Development Security, Veracode