iSAQB CPSA-A WEBSEC

Description

Attending the iSAQB® CPSA-A Web Security (WEBSEC) course gives participants 20 Technical Competence (TC) and 10 Methodological Competence (MC) points towards the 70 points required for eligibility to take the iSAQB CPSA-A exam with Brightest. It is important to remember that as part of the 70 points required to take the iSAQB CPSA-A exam with Brightest, you will need at least ten competence points in each of the following areas: 

• Technical Competence (TC)
• Methodological Competence (MC)
• Communicative Competence (CC)

Accredited iSAQB® WEBSEC - Web Security (CPSA-A) training is based on the current iSAQB® curriculum:

Part 1 - Web Security Analysis

• Risks and models
• The fundamental security goals
• Asset identification and access concepts
• Identify criteria for acceptance and auditing
• Tradeoff of security against other quality attributes
• Understand security as a process, not as a single measure
• Understand security as the responsibility of all stakeholders 
• Know common guidelines, standards, and recommendations
• Know common classification systems for security issues
• Categorize common certifications

Part 2 - Secure design and development process

• The concept of "validation of all inputs and escaping of all outputs"
• The principle of security gates, review, and "trust no one"
• Indicators of secure application design
• Basic patterns for secure coding guidelines
• Content of a secure development process and example framework
• Access concepts for system landscape, artifacts, and source code
• Which tools and infrastructure components support the secure development process
• Demarcation of analytical methods
• Incident management

Part 3 - Cryptography

• The basics of cryptography
• Hashing
• Encryption procedures
• Trust concepts
• Practical use

Part 4 -  Web: A Technical Foundation

• Common "good practices"
• Authentication types
• "Security through obscurity" security measures
• Security-related protocols (e.g., TLS) 
• Common authorization concepts and relevant implementations
• Supporting tools

Part 5 -  Web: Known Attacks and Attack Vectors

• Attack vectors and classification
• Specific dangers of social engineering in web applications
• Injection attacks
• Significance and functioning of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
• Attacks via the runtime environment/application platform
• Identifying security vulnerabilities via fuzzing
• Man-in-the-middle attacks
• Important sources for current threats and attacks

Part 6 - Web: Security and Infrastructure

• Function/operation and processes of firewalls
• Web Application Firewalls
• Intrusion Detection / Prevention systems
• Validation with feedback from operations
• Use of Transport Layer Security (TLS)