Certification

GIAC Secure Software Programmer (GSSP)

The GIAC Secure Software Programmer (GSSP) Certification Exam was developed in a joint effort involving the SANS Institute, CERT/CC, several US government agencies, and leading companies in the US, Japan, India, and Germany. These exams are an essential response to the rapidly increasing number of targeted attacks that focus on application vulnerabilities. They help organizations meet four objectives:

  1. Identify shortfalls in security knowledge of in-house programmers and help those individuals close the gaps.
  2. Ensure outsourced programmers have adequate secure coding skills.
  3. Select new employees who will not need remedial training in secure programming.
  4. Ensure each major development project has at least one person with advanced secure programming skills.

Programmers can demonstrate that they know the common security flaws found in Java, .NET, and C programming, and how to avoid the problems, by passing the GSSP exams.

GIAC Web Application Defender (GWEB)

The GIAC Web Application Defender (GWEB) Certification Exam allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common web application errors that lead to most security problems. The successful candidate will have hands-on experience using current tools to detect and prevent input validation flaws, cross-site scripting (XSS), and SQL injection, as well as an in-depth understanding of authentication, access control, and session management, their weaknesses, and how they are best defended.

GIAC Certified Web Application Defenders (GWEB) have the knowledge, skills, and abilities to secure web applications and recognize and mitigate security weaknesses in existing web applications.

Special thanks to the following people who provided valuable feedback to improve the GWEB certification:

  • Anurag Agarwal
  • Nima Dezhkam
  • Matt Johansen
  • Abe Kang
  • Jim Manico
  • Bruce Mayhew
  • Paul O'Grady
  • Phillip Purviance
  • Ali Saadatpoor
  • Brook Schoenfield
  • Patrick Szeto
  • Chris Wysopal

GIAC Web Application Penetration Tester (GWAPT)

Web applications are one of the most significant points of vulnerability in organizations today. Web application vulnerabilities have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. The GIAC Web Application Penetration Tester (GWAPT) Certification Exam measures your understanding of web application exploits and penetration testing methodology and provides assurance that you can check your web applications for holes before the bad guys do.