Candidate Reference Guide For Secure Sdlc Exam Challenge SWADLP Certification

Date post: 23-Jan-2018
Upload: somesh-mohanty
Candidate Reference Guide

Secure SDLC Exam Challenge Evaluating your Skills across Secure Development Phases

Hack2Secure SWADLP Exam Challenge: Candidate Reference Guide 1

Table of Contents

Secure SDLC Exam (SWADLP) Challenge
About SWADLP Exam
Challenge REWARDS
Steps to Participate
Who Should take this Challenge | Dates & Schedule
SWADLP Exam Challenge: Curriculum
SWADLP Exam Challenge: References
Frequently Asked Questions (FAQ)

To Schedule SWADLP Exam, www.pearsonvue.com/hack2secure

www.hack2secure.com | [email protected]


SECURE SDLC EXAM (SWADLP) CHALLENGE

Last Date to Register for Challenge Exam: 28th May 2017

Last Date to Take Challenge Exam: 31st May 2017

Cost of SWADLP Challenge Exam: USD 100

For more details, see STEPS to PARTICIPATE.

*SWADLP Exam is proctored and delivered globally by PearsonVUE

How confident are you in your Application Security skills?

Secure SDLC Exam CHALLENGE

TAKE SWADLP* EXAM CHALLENGE @ USD 100

Earn SWADLP Certificate + Exclusive Rewards & More


Globally Available | Proctored | 150mins | 90 MCQ | Passing Grade: 60% | Exam Language: English

About SWADLP Exam

For more details, visit www.hack2secure.com/swadlp


Seven Phases of Secure Web Application Development

Web Security Awareness

Building Security Requirements

Ensuring Secure Design

Secure Implementation

Application Security Testing

Security Review & Response

Security in Maintenance Cycle


The Secure Web Application Development Lifecycle Practitioner (SWADLP) Certificate program evaluates an individual's implementation-level skills in the security practices required to ensure secure application development. The program ensures the candidate's awareness of application security challenges, threats, standards, best practices and assurance methodologies, along with hands-on implementation-level knowledge and skill sets.

SWADLP is based on globally recognized standards and industry best practices to ensure knowledge and understanding of secure application development requirements. It walks through 7 phases of software development and provides the required strategies and processes to integrate security at every level.

SWADLP Certification Benefits

Validates your expertise and knowledge in Secure Application Development Process
Get Global Recognition and Credibility
Ensures Real Time skills required to handle Web Application Security Risk
Demonstrate knowledge of Industry Standards and Best Practices
Ensures effective skills to measure and implement Security Controls

Evaluate your Skills in Secure Application Development


Exclusive REWARDS for ALL

+ Hack2Secure WASD Exam Discount Vouchers for ALL

Amazon Kindle
Raspberry Pi Model B
Encrypted Flash Drive
YubiKey NEO
USB Key Logger
Amazon Echo Dot
Control-Alt-Hack: Card Game
Secure Password Journal
Kindle Unlimited Membership
Programmable Mouse Jiggler
.. & Many More

Exclusive 60% Discount on Completing Challenge
Complimentary 40% Discount for All Challenge Participants


STEPS to PARTICIPATE

Step#1: Register
Create Account at PearsonVUE Portal: www.pearsonvue.com/hack2secure

Step#2: Get Exam Discount Code
Hack2Secure will provide an exclusive Exam Discount Code over the registered Email-ID within 2 Business Days, OR email your unique Hack2Secure Candidate ID to [email protected]
Note: Discount Code Validity: 12 months

Step#3: Schedule & Write SWADLP Exam
Note:
1. Delivered and proctored globally at any PearsonVUE Authorized Test Center
2. Email at [email protected], if Exam is not available in your country

Exam Scheduled On or Before 31st May 2017
  Exam PASS: Challenge Completed. Earn SWADLP Certificate + REWARDs based on Exam Score + Hack2Secure Exam [60%] Discount Voucher [Web Application Security Defender]
  Exam FAIL: Re-Attempt?
    YES: Go to Step#2 and Email for Re-attempt Exam Discount Code
    NO: Get Complimentary REWARD + Hack2Secure Exam [40%] Discount Voucher [Web Application Security Defender]

Exam Scheduled After 31st May 2017
Note: Discount Code Validity: 12 months
  Exam PASS: Earn SWADLP Certificate [Challenge REWARDS NOT Applicable]
  Exam FAIL


Dates & Schedule to Remember

Event: STEP#1: Register at Pearson Portal to take SWADLP Exam Challenge
Important Dates / Schedules: On or Before 28th May 2017
Remarks:
1. Registration after 28th May 2017 will not be considered applicable for SWADLP Exam Challenge Program
2. Exams need to be scheduled at least 24hrs in advance
3. See FAQ

Event: STEP#2: Get DISCOUNT CODE
Important Dates / Schedules: Within 2 Business Days
Remarks:
1. Hack2Secure will provide a unique 60% Discount Code [1 Time Usage] after validation of Participant Account details
2. Candidate can also request a Discount Code by providing his unique Hack2Secure Candidate ID over email at [email protected]

Event: DISCOUNT CODE VALIDITY
Important Dates / Schedules: 12 months
Remarks:
1. Approx. 1 year validity enables candidate to redeem coupon and write Exam anytime within coupon validity.
2. Candidate will not be considered for Challenge Rewards if Exam is not delivered on or before 31st May 2017

Event: STEP#3: Schedule & Write SWADLP Exam
Important Dates / Schedules: 31st May 2017
Remarks:
1. Candidate needs to PASS SWADLP Exam with at least 60% Grade to complete Challenge
2. Candidate may choose to write & PASS Exam anytime after 31st May 2017; however, he will not be considered as Challenge Program Participant

Event: Hack2Secure to Publish Challenge Result
Important Dates / Schedules: 10th June 2017

Event: Hack2Secure to dispatch REWARDS
Important Dates / Schedules: 15th-30th June 2017
Remarks:
1. Reward dispatch dates depend on Participant Location
2. Discount Coupons to be dispatched over Email, at time of WASD Exam availability

Who Should Take this Challenge?

Software Development Team
  Application/Software Architects
  Software Developers
  QE/QA/Testing Team
  Software Consultants
  Research Engineers

Security Team
  Security Engineers, Testers and Analyst
  Application Penetration Testers
  Security Consultants
  Auditors
  Product Security Office

Software Management Team
  Program / Project / Product Managers & Directors
  Team Leads
  Assurance Team
  Application Senior Management

Anyone
  Who wants to evaluate his skills in Secure Application Development

Student
  Students [Management & Technical Stream] looking to pursue a Career in Secure Software Development and Management


SWADLP EXAM CHALLENGE: CURRICULUM

Secure SDLC Phase#1: Training and Awareness
About Secure SDLC Process, Requirements & Methodologies
Adoption of Secure SDLC in Agile
Core Security Concepts & Related Attacks
C.I.A. Triad: Confidentiality, Integrity & Availability
A.A.A. Concept: Authentication, Authorization & Accountability
Public Key Infrastructure (PKI), Digital Certificates, SSL/TLS Protocol, Hashing, Digital Signature
Password Best Practices, Access Control Methods
Security Design Principles
Overview on Concepts like Risk, Threat & Vulnerability. Risk Management concept
Security Policies, Procedures, Guidelines & Best Practices
Security Standards, Regulations and Compliances
Overview on NIST SP800-64
Security Assurance Methodologies
STRIDE, DREAD, OCTAVE, OSSTMM
Common Vulnerability Scoring System (CVSS)
Overview on OWASP Top10 Web Application Security Risk, Root-cause & Best Practices

Secure SDLC Phase#2: Security Requirements
Building Security Requirement Checklist and Defining Security Quality Gates
Core Security Requirements to ensure C.I.A. & A.A.A
General Security Requirements like Session Management, Error Management & Configuration Management
Operational Security Requirements related with Deployment Environment, Archiving and Anti-Piracy
Security Requirements related with International Laws, Procurement & Time-Sequencing concerns

Secure SDLC Phase#3: Ensuring Secure Design
Why we need Secure Design
Secure Design Methodologies
Attack Surface Analysis
Threat Modeling [based on STRIDE]
Process, Methodology and Threat Analysis

Secure SDLC Phase#4: Secure Implementation (Coding)
Application Coding: Common Security Myths
CWE Top15 Programming Errors
Secure Coding Best Practices / Implementation Level Controls
OWASP Top10 Web Application Security Risk
Buffer Overflow
Insecure Cryptographic Storage
Information Leakage and Improper Error Handling
File Attacks
Defensive Coding Practices
Input Validation, Canonicalization
Code Access Security (CAS)
Declarative vs Programmatic Security
Exception Management
Security Code Review process & Best Practices

Secure SDLC Phase#5: Application Security Testing
Application Security Testing Tools, Techniques & Methodologies
Testing for Core Security Concepts
Testing for OWASP Top10 Web Application Vulnerabilities
Handling Security Defects

Secure SDLC Phase#6: Security Review & Response
Building Final Security Review Plan
Auditing, VA-PT Process
Incident Handling Process & Team Management
Threats to Supply Chain Software
Different Software Deployment & Procurement Risk

Secure SDLC Phase#7: Securing Maintenance Cycle
Security Patch Management
Handling 3rd Party Library Upgrades
Application Disposal Policy


SWADLP EXAM CHALLENGE: REFERENCES

Based on Industry Security Standard and Best Practices

Some References

Open Web Application Security Project [OWASP]
  Top 10 Web Application Security Risk
  Web Application Testing Guide
  Code Review Guide
  Secure Coding Practices
  Developer’s Cheat Sheet

National Institute of Standards & Technology [NIST]
  Computer Security Special Publications 800 (SP 800)

CERT Secure Coding Standards

International Organization for Standardization [ISO]
  ISO/IEC 12207:2008: Systems and software engineering - Software life cycle processes
  ISO/IEC 15026: Systems and Software engineering - Systems and Software Assurance
  ISO/IEC 16085:2006: Systems and software engineering - Life cycle processes - Risk management
  ISO/IEC 16350:2015: Information technology - Systems and software engineering - Application management

Common Vulnerability Scoring System [CVSS]

PCI Security Standards [PCI DSS]

BSIMM Software Security Framework

Software Assurance Maturity Model [OpenSAMM]

Other Reference Secure SDLC Models
  Microsoft Security Development Lifecycle (MSDL)
  Cisco Secure Development Lifecycle (CSDL)
  VMware Security Development Lifecycle


FREQUENTLY ASKED QUESTIONS (F.A.Q)

Step#1: Register

How to register for Challenge Program?

Visit www.pearsonvue.com/hack2secure and create an account by providing the required details.

Complete the registration process with correct details, as these details will be used for further communication.

For a detailed step-by-step registration guide, refer to the Hack2Secure Candidate Registration and Exam Scheduling Guide.

Who can register for Challenge Program?

SWADLP Exam Challenge Program is open to all. It can be taken by Technical Professionals, Management and Students. This program has scope for everyone regardless of their role and responsibility in the Secure SDLC process.

If you are confident enough in your skills and knowledge of the Software Development process and related Security Practices (Secure SDLC), this Challenge is for you to get Assessment, Accreditation and Certification to boost your professional career scope and opportunities. Or if you want to evaluate your Secure SDLC process maturity

I will register now, but will schedule Exam after 31st May 2017. Will I still be considered for Rewards?

To get Rewards incorporated under the Challenge Program, you need to appear for the SWADLP Exam by 31st May 2017. You can choose to schedule the Exam anytime and redeem the Discount Code [Voucher validity is approx. 12 months] but will not be considered as a participant in the SWADLP Exam Challenge. However, you can still earn the SWADLP Exam certificate on passing the exam.

Step#2: Get Exam Discount Code

I have (Registered) Created Web Account, How to get Discount Coupon Code?

Once you have registered, an exclusive Hack2Secure Candidate ID is generated. Hack2Secure will validate your Account Details and provide the Exam Discount Code over the registered Email-ID within 2 Business Days. OR you can also email your unique Hack2Secure Candidate ID to [email protected] and request a Discount Code.

Note:

The Discount Code is for ONE-time usage only. It can’t be shared or used by another Candidate.

Discount Code Validity: approx. 1 Year

How to get Hack2Secure Candidate ID

1. Sign In to your Account at www.pearsonvue.com/hack2secure

2. You can see the Hack2Secure Candidate ID in the top right corner

Feel free to send your Queries and Concerns at [email protected]

Make sure to provide your Hack2Secure Candidate ID in your Email.


Step#3: Schedule & Write SWADLP Exam

How to Schedule SWADLP Exam?

To schedule the Exam, refer to the Hack2Secure Candidate Registration and Exam Scheduling Guide.

1. Sign In to your Account at www.pearsonvue.com/hack2secure

If you have NOT created an Account, refer to Step#1 in FAQ

2. Choose SWADLP001: Secure Web Application Development Lifecycle Practitioner under Exam Catalog

3. Verify Exam Details (It will show Exam Price as USD 250). Click on Schedule this Exam

4. Select an appropriate Pearson VUE Authorized Test Centre near you

In case the exam is not available in your Country, email us at [email protected] .

5. Choose Exam Delivery Date & Time

6. Verify Appointment Details. (It will show Estimated Total Due as USD 250.00). Proceed to Checkout.

a. Checkout - Step 1: Confirm Personal Information. Verify Correct Name and Contact Number

b. Checkout - Step 2: Agree to Policies

Ensure to read and agree with Hack2Secure Policies. Ensure your Name matches the documents provided under Admission Policy

c. Checkout - Step 3: Enter Payment

Click on ‘Add Voucher or Promo Code’. Provide Voucher Code and click Apply

The 60% Discount Voucher will apply and ESTIMATED TOTAL DUE will change to USD 100.00

Provide Card Details to process the remaining amount (USD 100)

d. Checkout - Step 4: Submit Order

e. Checkout - Step 5: Summary

Validate Details, Invoice and Exam Confirmation

The same will also be sent to your Email


I can’t find PearsonVUE Test Center in my country. What to Do?

If you can’t find a SWADLP Exam Center in your Country, email us at [email protected] . We will enable the Exam in the concerned country within 3 Business Days

Why I need to show related Documents while appearing for Exam?

Candidates need to adhere to Hack2Secure Exam Policies. This is required to ensure a smooth Exam process globally, assuring that the correct candidate is taking the exam and to avoid any discrepancy among candidates. At the Pearson Test Center, the Proctor will validate your Registered Name against the provided documents. He will also validate your Signature and capture your Photograph.

Refer: Hack2Secure Candidate Testing Policy

Hack2Secure Candidate ID Policy

Can I Reschedule or Cancel my Exam?

You can re-schedule your exam but can’t cancel.

Re-scheduling should be done at least 24hrs before Exam delivery time. You can re-schedule the Exam either using your Pearson Account or by contacting PearsonVUE Customer Care

My Exam Discount Voucher is valid for 12 months. Can I use it after 31st May 2017?

Yes, you can utilize the Discount voucher anytime till it expires. However, any exam delivered after 31st May 2017 will not be considered for the Challenge Program. Provided discount codes are exclusively generated and are for ONE TIME USAGE only.

My Exam Discount Voucher is NOT WORKING. What should I Do?

These discount Vouchers are exclusively generated and are for ONE TIME USE only. Ensure you have not shared it with others. In any such event contact Hack2Secure immediately at [email protected]

How are Rewards decided?

Completely based on your Exam Score delivered on or before 31st May 2017.

I did not PASS in my first attempt and want to Re-take Exam. What should I do now?

You can always Re-Take the Exam. Refer to the Hack2Secure Retake Policy

Scenario#1: If you Fail Exam before 31st May 2017 and want to Re-Take Exam Challenge.

You always deserve a Fair Chance to Re-take the Exam and stay in the Game, provided you adhere to our Retake Policy. Email us at [email protected] providing your Candidate ID. We will re-send you a discount Code which will be applicable over Exam Re-Take Fees (USD 150) this time. Candidate needs to re-appear for the SWADLP Exam before 31st May to stay in Competition with others. Your final Score will be considered in this Scenario to decide your Position in the Challenge.

Scenario#2: If you Fail Exam before 31st May 2017 and want to Re-Take Exam in later Dates

If you email us [[email protected]] before 31st May 2017, we will re-send you a discount Code applicable over Exam Re-Take Fees (USD 150). You can choose to redeem the coupon and appear for the Exam anytime within its Expiry Date.

I Passed the Exam. Can I Re-take to Improve my Score?

No, you can’t re-take the Exam if you have already passed

Can I redeem my Rewards for Cash?

No

HACK2SECURE

@hack2secure

Hack2Secure.India

www.hack2secure.com

[email protected]

+91 (80) 49 58 32 99

+91 (80) 49 58 33 99

Hack2Secure, #681, First Floor, 15th Cross, 8th Main, 2nd Phase,

J.P. Nagar, Bangalore, Karnataka, 560078

“Information Security Training, Services & Solutions

to keep you at forefront of the IT Industry”

