SKILL BENCHMARK
Secure Programming Competency (Intermediate Level)
- 16m
- 16 questions
The Secure Programming Competency (Intermediate Level) benchmark evaluates your ability to describe and apply secure coding concepts. You will be assessed on your skills in recognizing and evaluating vulnerabilities. Learners who score high on this benchmark demonstrate that they have the skills to avoid common programming errors that can undermine security and are able to recognize the OWASP Top 10 commonly encountered vulnerabilities.
Topics covered
- describe and be able to avoid common programming errors that can undermine security
- describe and use CVE vulnerability scoring
- describe and use threat models including STRIDE, PASTA, DREAD, and SQUARE
- describe authentication and authorization, including models such as DAC, MAC, RBAC, and ABAC
- describe OWASP Top 10 vulnerabilities including broken access control, security misconfiguration, sensitive data exposure, and insufficient attack protection
- describe OWASP Top 10 vulnerabilities including cross-site request forgery, using components with known vulnerabilities, and underprotected APIs
- describe OWASP Top 10 vulnerabilities including SQL injection, broken authentication, and cross-site scripting
- describe secure programming verification and validation process and techniques
- describe security concepts, including the CIA triangle, least privileges, and separation of duties
- implement C# secure coding to combat common code vulnerabilities
- implement JavaScript secure coding to combat Cross Site Scripting Attacks
- implement Java secure coding to combat Rhino Script vulnerability
- implement Python secure coding to combat a variety of security vulnerabilities
- use CVSS scoring for vulnerabilities
- use OWASP Zap vulnerability scanner to test web sites for common vulnerabilities
- use Vega Vulnerability Scanner to test web sites for common vulnerabilities