How to get Secure Coding Certified

Hopefully the answer to the question, “How do I get _________ certified?” is becoming clearer with each post I write.

You may or may not have realized that the certification catalog is continuing to grow, with some of the newest certifications, SQL Injection and Cross-site Scripting, falling into the category of vulnerability specific certifications. (If you haven’t noticed, I recommend checking it out here).Knowledge of these attacks is important for both organizations and individuals alike because it gives you an idea of how to prevent them, what to look out for and how to handle an attack once it has been waged.Sure, you may have doubts about obtaining certifications that are that specific, but being the ‘go-to’ expert in your organization should certainly bode well for you.Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. Imagine if even a fraction of vulnerabilities could be prevented by taking the right precautionary measures.We’ve heard from plenty of developers the pain points of being under time and budget constraints. Errors that lead to vulnerabilities are very, very rarely intentional, but they happen nonetheless.For this post, let’s take a look at the Secure Coding Micro Certification, which can help both developers and anyone in a managerial role who performs code review or is responsible for what their dev team produces.In the case of some developers, this information may be a refresher, for others, it can serve as a starting point for the implementation of best practices.Whatever the case may be, it’s important to note that there is no ‘one size fits all’ rule when it comes to obtaining certifications, or learning, for that matter. Coders don’t necessarily only have to have ‘software development specific’ certifications, nor do non-coders, as I mentioned.Now, let’s delve into secure coding further.What is secure coding?The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities.Okay, tell me more:Defects, bugs, and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Even with properly configured firewalls and security appliances, applications developed without following secure coding practices can be vulnerable.What makes secure coding so necessary?By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment. Eliminating vulnerabilities during development can result in a two to three orders-of-magnitude reduction in the total cost of repairing the code versus making the repairs afterward.Startling statistics: According to White Hat Security, “The average age of an open critical vulnerability is over 300 days; high-risk vulnerabilities have an average age of more than 500 days. (Note that vulnerability age is calculated only for open vulnerabilities. This means that if vulnerabilities tend to remain open, the average age will be high. Information Technology (IT) is an exception with the highest average age of 875 days.”What careers will a secure coding certification prepare me for?Of course, with coding skills you can find yourself employed in the full range of development roles from full-stack, front-end, back-end, to mobile and UX/UI design. This background can extend into the areas of data science, business intelligence, technical project management, and security analyst/ security engineer type roles.Why get your secure coding certification?Even at the entry-level, jobs in coding pay more than the average position. Google and Facebook coders, for instance, are paid a base salary of ~$125K.This certification proves your ability to not only write code but shows you can recognize when code is vulnerable. Establishing secure coding standards sets the foundation for secure system development as well as a common set of criteria that can be applied to examine and evaluate software development efforts and software development tools and processes.Who is the target audience?This certification is targeted towards developers, but can also be beneficial to those in a managerial role who perform code review or are responsible for what their dev team produces. In addition, this knowledge is critical to those just starting out in the world of coding, who want to learn best practices from the start.What will I learn?

• Best practices of secure coding
• Injections
• Session management
• Cross-site scripting
• Direct object reference
• Security configuration
• Sensitive data exposure
• Function level access
• Cross-site request forgery

What is the best course of study?The best approach when studying for a certification, even a micro certification, is to complete the corresponding course in its entirety. If there is one particular area where you are struggling, use the search bar at the top of the site to locate other resources that explore that area in greater depth. Likewise, notecards are a useful tool to take advantage of during your coursework that can help you review right before testing.What is the secure coding exam format?With a skill level of beginner, this multiple-choice exam consists of 40 questions, which you must complete in 60 minutes. In order to obtain the certification, you must receive a passing grade of 70% or higher.By obtaining your micro certification, you also receive 3 CPE/CEU hours.How do I know if I’m ready for the exam?Try the practice exam first. You can access it here.Additional secure coding study resources:Intro to Secure Coding VideoA Cautionary Tale about PHP Secure Coding TechniquesSoftware Development Security VideoDefensive Coding VideoI’m ready for the exam. Now what?You’re a coding wizard! You can take the Secure Coding Micro Certification here. Once, you’ve earned the certification, be sure to include it on LinkedIn and list it within your resume.In a future post, I’ll discuss how IT professionals, coders specifically, can use online portfolios to showcase their work to employers.One last thing:Use code OBLOG50 for half off your next Micro Certification. The Cybrary team also features micro certifications weekly with discount codes. You can find those codes across social media, in the newsletter and hidden within the site. Promoted codes expire each Sunday at midnight EST.Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.