Date post: 23-Jan-2018 | Category: Software | Upload: somesh-mohanty
Candidate Reference Guide
Secure SDLC Exam Challenge Evaluating your Skills across Secure Development Phases
Hack2Secure SWADLP Exam Challenge: Candidate Reference Guide 1
Table of Contents
Secure SDLC Exam (SWADLP) Challenge
About SWADLP Exam
Challenge REWARDS
Steps to Participate
Who Should take this Challenge | Dates & Schedule
SWADLP Exam Challenge: Curriculum
SWADLP Exam Challenge: References
Frequently Asked Questions (FAQ)
To Schedule SWADLP Exam, www.pearsonvue.com/hack2secure
www.hack2secure.com | [email protected]
SECURE SDLC EXAM (SWADLP) CHALLENGE
Last Date to Register for Challenge Exam: 28th May 2017
Last Date to Take Challenge Exam: 31st May 2017
Cost of SWADLP Challenge Exam: USD 100
For more details, see STEPS to PARTICIPATE
How confident are you in your Application Security skills?
Secure SDLC Exam CHALLENGE
TAKE SWADLP* EXAM CHALLENGE @ USD 100
Earn SWADLP Certificate + Exclusive Rewards & More
*SWADLP Exam is proctored and delivered globally by PearsonVUE
About SWADLP Exam
Globally Available | Proctored | 150 mins | 90 MCQ | Passing Grade: 60% | Exam Language: English
For more details, visit www.hack2secure.com/swadlp
Seven Phases of Secure Web Application Development
Web Security Awareness
Building Security Requirements
Ensuring Secure Design
Secure Implementation
Application Security Testing
Security Review & Response
Security in Maintenance Cycle
The Secure Web Application Development Lifecycle Practitioner (SWADLP) Certificate program evaluates an individual's implementation-level skills in the security practices required to ensure secure application development. The program ensures the candidate's awareness of application security challenges, threats, standards, best practices and assurance methodologies, along with hands-on implementation-level knowledge and skill sets.
SWADLP is based on globally recognized standards and industry best practices to ensure knowledge and understanding of secure application development requirements. It walks through 7 phases of software development and provides the strategies and processes required to integrate security at every level.
SWADLP Certification Benefits
Validates your expertise and knowledge in Secure Application Development Process
Get Global Recognition and Credibility
Ensures Real Time skills required to handle Web Application Security Risk
Demonstrate knowledge of Industry Standards and Best Practices
Ensures effective skills to measure and implement Security Controls
Evaluate your Skills in Secure Application Development
Exclusive REWARDS for ALL
Amazon Kindle
Raspberry Pi Model B
Encrypted Flash Drive
YubiKey NEO
USB Key Logger
Amazon Echo Dot
Control-Alt-Hack: Card Game
Secure Password Journal
Kindle Unlimited Membership
Programmable Mouse Jiggler
.. & Many More
+ Hack2Secure WASD Exam Discount Vouchers for ALL
Exclusive 60% Discount on Completing Challenge
Complimentary 40% Discount for All Challenge Participants
STEPS to PARTICIPATE
Step#1: Register
Create Account at PearsonVUE Portal: www.pearsonvue.com/hack2secure
Step#2: Get Exam Discount Code
Hack2Secure will provide an exclusive Exam Discount Code to the registered Email-ID within 2 Business Days
OR email your unique Hack2Secure Candidate ID to [email protected]
Note: Discount Code Validity: 12 months
Step#3: Schedule & Write SWADLP Exam
Note:
1. Delivered and proctored globally at any PearsonVUE Authorized Test Center
2. Email [email protected] if the Exam is not available in your country

Exam Scheduled On or Before 31st May 2017
Exam PASS: Challenge Completed. Earn SWADLP Certificate + REWARDs based on Exam Score + Hack2Secure Exam [60%] Discount Voucher [Web Application Security Defender]
Exam FAIL: Re-Attempt?
YES: Go to Step#2 and email for Re-attempt Exam Discount Code
NO: Get Complimentary REWARD + Hack2Secure Exam [40%] Discount Voucher [Web Application Security Defender]

Exam Scheduled After 31st May 2017 (Note: Discount Code Validity: 12 months)
Exam PASS: Earn SWADLP Certificate [Challenge REWARDS NOT Applicable]
Exam FAIL
Dates & Schedule to Remember

Event: STEP#1: Register at Pearson Portal to take SWADLP Exam Challenge
Important Dates / Schedules: On or Before 28th May 2017
Remarks:
1. Registration after 28th May 2017 will not be considered applicable for SWADLP Exam Challenge Program
2. Exams need to be scheduled at least 24hrs in advance
3. See FAQ

Event: STEP#2: Get DISCOUNT CODE
Important Dates / Schedules: Within 2 Business Days
Remarks:
1. Hack2Secure will provide a unique 60% Discount Code [1 Time Usage] after validation of Participant Account details
2. Candidate can also request a Discount Code by providing the unique Hack2Secure Candidate ID over email at [email protected]

Event: DISCOUNT CODE VALIDITY
Important Dates / Schedules: 12 months
Remarks:
1. Approx. 1 year validity enables candidate to redeem coupon and write Exam anytime within coupon validity.
2. Candidate will not be considered for Challenge Rewards if Exam is not delivered on or before 31st May 2017

Event: STEP#3: Schedule & Write SWADLP Exam
Important Dates / Schedules: 31st May 2017
Remarks:
1. Candidate needs to PASS SWADLP Exam with at least 60% Grade to complete Challenge
2. Candidate may choose to write & PASS Exam anytime after 31st May 2017; however, he will not be considered as Challenge Program Participant

Event: Hack2Secure to Publish Challenge Result
Important Dates / Schedules: 10th June 2017

Event: Hack2Secure to dispatch REWARDS
Important Dates / Schedules: 15th-30th June 2017
Remarks:
1. Reward dispatch dates depend on Participant Location
2. Discount Coupons to be dispatched over Email, at time of WASD Exam availability

Who Should Take this Challenge?

Software Development Team
Application/Software Architects
Software Developers
QE/QA/Testing Team
Software Consultants
Research Engineers

Security Team
Security Engineers, Testers and Analyst
Application Penetration Testers
Security Consultants
Auditors
Product Security Office

Software Management Team
Program / Project / Product Managers & Directors
Team Leads
Assurance Team
Application Senior Management

Student
Students [Management & Technical Stream] looking to pursue Career in Secure Software Development and Management

Anyone
Who wants to evaluate his skills in Secure Application Development
SWADLP EXAM CHALLENGE: CURRICULUM
Secure SDLC Phase#1: Training and Awareness
About Secure SDLC Process, Requirements & Methodologies
Adoption of Secure SDLC in Agile
Core Security Concepts & Related Attacks
C.I.A. Triad: Confidentiality, Integrity & Availability
A.A.A. Concept: Authentication, Authorization & Accountability
Public Key Infrastructure (PKI), Digital Certificates, SSL/TLS Protocol, Hashing, Digital Signature
Password Best Practices, Access Control Methods
Security Design Principles
Overview on Concepts like Risk, Threat & Vulnerability. Risk Management concept
Security Policies, Procedures, Guidelines & Best Practices
Security Standards, Regulations and Compliances
Overview on NIST SP800-64
Security Assurance Methodologies
STRIDE, DREAD, OCTAVE, OSSTMM
Common Vulnerability Scoring System (CVSS)
Overview on OWASP Top10 Web Application Security Risk, Root-cause & Best Practices
Secure SDLC Phase#2: Security Requirements
Building Security Requirement Checklist and Defining Security Quality Gates
Core Security Requirements to ensure C.I.A. & A.A.A
General Security Requirements like Session Management, Error Management & Configuration Management
Operational Security Requirements related with Deployment Environment, Archiving and Anti-Piracy
Security Requirements related with International Laws, Procurement & Time-Sequencing concerns
Secure SDLC Phase#3: Ensuring Secure Design
Why we need to Secure Design
Secure Design Methodologies
Attack Surface Analysis
Threat Modeling [based on STRIDE]
Process, Methodology and Threat Analysis
Secure SDLC Phase#4: Secure Implementation (Coding)
Application Coding: Common Security Myths
CWE Top15 Programming Errors
Secure Coding Best Practices / Implementation Level Controls
OWASP Top10 Web Application Security Risk
Buffer Overflow
Insecure Cryptographic Storage
Information Leakage and Improper Error Handling
File Attacks
Defensive Coding Practices
Input Validation, Canonicalization
Code Access Security (CAS)
Declarative vs Programmatic Security
Exception Management
Security Code Review process & Best Practices
Secure SDLC Phase#5: Application Security Testing
Application Security Testing Tools, Techniques & Methodologies
Testing for Core Security Concepts
Testing for OWASP Top10 Web Application Vulnerabilities
Handling Security Defects
Secure SDLC Phase#6: Security Review & Response
Building Final Security Review Plan
Auditing, VA-PT Process
Incident Handling Process & Team Management
Threats to Supply Chain Software
Different Software Deployment & Procurement Risk
Secure SDLC Phase#7: Securing Maintenance Cycle
Security Patch Management
Handling 3rd Party Library Upgrades
Application Disposal Policy
SWADLP EXAM CHALLENGE: REFERENCES
Based on Industry Security Standard and Best Practices
Some References
Open Web Application Security Project [OWASP]
Top 10 Web Application Security Risk
Web Application Testing Guide
Code Review Guide
Secure Coding Practices
Developer’s Cheat Sheet
National Institute of Standards & Technology [NIST]
Computer Security Special Publications 800 (SP 800)
CERT Secure Coding Standards
International Organization for Standardization [ISO]
ISO/IEC 12207:2008: Systems and software engineering - Software life cycle processes
ISO/IEC 15026: Systems and Software engineering - Systems and Software Assurance
ISO/IEC 16085:2006: Systems and software engineering - Life cycle processes - Risk management
ISO/IEC 16350:2015: Information technology - Systems and software engineering - Application management
Common Vulnerability Scoring System [CVSS]
PCI Security Standards [PCI DSS]
BSIMM Software Security Framework
Software Assurance Maturity Model [OpenSAMM]
Other Reference Secure SDLC Models
Microsoft Security Development Lifecycle (MSDL)
Cisco Secure Development Lifecycle (CSDL)
VMware Security Development Lifecycle
FREQUENTLY ASKED QUESTIONS (F.A.Q)

Step#1: Register

How to register for Challenge Program?
Visit www.pearsonvue.com/hack2secure and create an Account by providing the required details.
Complete the Registration Process with correct details, as these details will be used for further communication.
For a detailed step-by-step Registration Guide, refer Hack2Secure Candidate Registration and Exam Scheduling Guide

Who can register for Challenge Program?
SWADLP Exam Challenge Program is Open for All. It can be taken by Technical Professionals, Management and Students. This program has scope for everyone regardless of their Role and Responsibility in Secure SDLC process.
If you are confident in your skills and knowledge of the Software Development process and related Security Practices (Secure SDLC), this Challenge is for you to get Assessment, Accreditation and Certification to boost your Professional career scope and opportunities. Or if you want to evaluate your Secure SDLC process maturity

I will register now, but will schedule Exam after 31st May 2017. Will I still be considered for Rewards?
To get Rewards incorporated under Challenge Program, you need to appear for SWADLP Exam by 31st May 2017.
You can choose to schedule the Exam anytime and redeem the Discount Code [Voucher validity is approx. 12 months], but you will not be considered as a participant in SWADLP Exam Challenge. However, you can still earn the SWADLP Exam certificate on passing the exam.

Step#2: Get Exam Discount Code

I have (Registered) Created Web Account, How to get Discount Coupon Code?
Once you have registered, an exclusive Hack2Secure Candidate ID is generated. Hack2Secure will validate your Account Details and provide an Exam Discount Code to your Registered Email-ID within 2 Business Days. OR you can also email your unique Hack2Secure Candidate ID to [email protected] and request a Discount Code.
Note:
Discount Code will be of ONE Time usage only. It can't be shared or used by another Candidate.
Discount Code Validity: approx. 1 Year

How to get Hack2Secure Candidate ID
1. Sign In to your Account at www.pearsonvue.com/hack2secure
2. You can see the Hack2Secure Candidate ID in the top right corner

Feel free to send your Queries and Concerns at [email protected]
Make sure to provide your Hack2Secure Candidate ID in your Email.
Step#3: Schedule & Write SWADLP Exam

How to Schedule SWADLP Exam?
To Schedule Exam, refer Hack2Secure Candidate Registration and Exam Scheduling Guide
1. Sign In to your Account at www.pearsonvue.com/hack2secure
If you have NOT created an Account, refer Step#1 in FAQ
2. Choose SWADLP001: Secure Web Application Development Lifecycle Practitioner under Exam Catalog
3. Verify Exam Details (It will show Exam Price as USD 250). Click on Schedule this Exam
4. Select an appropriate Pearson VUE Authorized Test Centre near you
In case the exam is not available in your Country, email us at [email protected].
5. Choose Exam Delivery Date & Time
6. Verify Appointment Details. (It will show Estimated Total Due as USD 250.00). Proceed to Checkout.
a. Checkout - Step 1: Confirm Personal Information. Verify correct Name and Contact Number
b. Checkout - Step 2: Agree to Policies
Ensure you read and agree with Hack2Secure Policies. Ensure your Name matches the documents provided under Admission Policy
c. Checkout - Step 3: Enter Payment
Click on 'Add Voucher or Promo Code'. Provide Voucher Code and click Apply
60% Discount Voucher will apply and ESTIMATED TOTAL DUE will change to USD 100.00
Provide Card Details to process the remaining amount (USD 100)
d. Checkout - Step 4: Submit Order
e. Checkout - Step 5: Summary
Validate Details, Invoice and Exam Confirmation
The same will also be sent to your Email
Why do I need to show related Documents while appearing for Exam?
Candidates need to adhere to Hack2Secure Exam Policies. This is required to ensure a smooth Exam process globally, assuring that the correct candidate is taking the exam and avoiding any discrepancy among candidates. At the Pearson Test Center, the Proctor will validate your Registered Name against the provided documents. He will also validate your Signature and capture your Photograph.
Refer: Hack2Secure Candidate Testing Policy
Hack2Secure Candidate ID Policy

I can't find PearsonVUE Test Center in my country. What to Do?
If you can't find a SWADLP Exam Center in your Country, email us at [email protected]. We will enable the Exam in the concerned country within 3 Business Days

Can I Reschedule or Cancel my Exam?
You can re-schedule your exam but can't cancel.
Re-scheduling should be done at least 24hrs before Exam delivery Time. You can re-schedule the Exam either using your Pearson Account or by contacting PearsonVUE Customer Care

My Exam Discount Voucher is valid for 12 months. Can I use it after 31st May 2017?
Yes, you can utilize the Discount voucher anytime till it expires. However, any exam delivered after 31st May 2017 will not be considered for Challenge Program. Provided discount codes are exclusively generated and are for ONE TIME USAGE only.

My Exam Discount Voucher is NOT WORKING. What should I Do?
These discount Vouchers are exclusively generated and are for ONE TIME USE only. Ensure you have not shared it with others. In any such event, contact Hack2Secure immediately at [email protected]

How are Rewards decided?
Completely based on your Exam Score delivered on or before 31st May 2017.

I did not PASS in my first attempt and want to Re-take Exam. What should I do now?
You can always Re-Take Exam. Refer Hack2Secure Retake Policy
Scenario#1: If you Fail Exam before 31st May 2017 and want to Re-Take Exam Challenge.
You always deserve a Fair Chance to Re-take the Exam and stay in the Game, provided you adhere to our Retake Policy. Email us at [email protected] providing your Candidate ID. We will re-send you a discount Code which will be applicable over Exam Re-Take Fees (USD 150) this time. Candidate needs to re-appear for SWADLP Exam before 31st May to stay in Competition with others. Your final Score will be considered in this Scenario to decide your Position in Challenge.
Scenario#2: If you Fail Exam before 31st May 2017 and want to Re-Take Exam in later Dates
If you email us [[email protected]] before 31st May 2017, we will re-send you a discount Code applicable over Exam Re-Take Fees (USD 150). You can choose to redeem the coupon and appear for the Exam anytime within its Expiry Date.

I Passed the Exam. Can I Re-take to Improve my Score?
No, you can't re-take the Exam if you have already passed

Can I redeem my Rewards for Cash?
No
HACK2SECURE
@hack2secure
Hack2Secure.India
www.hack2secure.com
+91 (80) 49 58 32 99
+91 (80) 49 58 33 99
Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase,
J.P. Nagar, Bangalore, Karnataka, 560078
“Information Security Training, Services & Solutions
to keep you at forefront of the IT Industry”