
EC-Council Certified Secure Programmer Certification Test Objectives


ECSP Certification Test Objectives

Module 01: Introduction to Secure Coding
 - Explain the need for secure coding
 - Discuss the vulnerabilities statistics and programming errors
 - Discuss why security mistakes are made
 - Discuss the need for secure programming and why secure coding is important
 - Determine the building blocks of software security and explain the various types of security vulnerabilities
 - Determine the software vulnerability cycle, and types of attacks
 - Explain the various secure coding principles and guidelines for developing the secure codes
 - Prepare a checklist for software security mechanisms

Module 02: Designing Secure Architecture
 - Explain about the secure architecture and application security
 - Determine the factors affecting the security of the application
 - Define the software engineering concept and SDLC
 - Explain what extreme programming is, and its roles and practices
 - Describe Unified Modeling Language (UML) and its goals
 - Discuss on UML tools such as Rational Rose and Borland Together
 - Explain about threat modeling and their aspects of security
 - Discuss on STRIDE threat model
 - What are the common criteria and software development best practices
 - Explain the working of Microsoft SDL threat modeling tool
 - Summarize the working of the tool: Borland® TeamInspector™
 
Module 03: Cryptography
 - Define Cryptography, Encryption, and Decryption
 - Discuss cryptographic techniques such as Classic Cryptographic and Modern Cryptographic
 - Define RSA (Rivest Shamir Adleman) and attacks against it
 - Explain how to implement RSA in C++
 - Discuss the Diffie-Hellman Key Agreement Standard and its algorithm
 - Explain Data Encryption Standard (DES), overview and its implementation of DES in Java
 - Describe Rijndael Algorithm, RC4, RC5, RC6, and Blowfish, and describes Blowfish algorithm in C
 - What are Message digest, One-way hash, and MD5 functions
 - Describe the implementation of MD5 in Java
 - Explain the implementation of SHA (Secure Hash Algorithm) in Java, and Collision Search Attacks on SHA1
 - Describe  Modern Cipher Breaking, the Keyed-Hash Message Authentication Code (HMAC), and its algorithm
 - What are SSL and SSH
 - Determine algorithms and security, explain disk encryption, and Government Access to Keys (GAK)
 - What are the components of a Digital Signature, method of Digital Signature technology, use of Digital Signature, and Digital Signature Standard (DSS)
 - Determine Digital Signature algorithms such as Signature Generation/Verification and ECDSA, ElGamal Signature Scheme
 - Explain Hashing techniques, Hashing, MACs, and Digital Signatures using C# in .NET
 - What are the challenges and Opportunities of digital signatures
 - Provide an overview of Digital Certificates, creating and verifying a simple XML Digital Signature in C#
 - Explain about Cleversafe Grid Builder, Pretty Good Privacy, CypherCalc, CryptoHeaven, and Command Line Scriptor
 - Explain about JavaScrypt: Browser-Based Cryptography tool and steps to use JavaScrypt Encryption and Decryption tool
 - Determine cryptanalysis, cryptography attacks, brute-force attack, and the distributed.net organization
 
Module 04: Buffer Overflows
 - Describe buffer overflows and reasons for buffer overflow attacks
 - Explain why programs/applications are vulnerable
 - Explain the concepts of Stacks and Heaps
 - Describe Stack-based and Heap-based buffer overflows
 - What are the countermeasures against Buffer Overflow attacks
 - Explain how an attacker can attack a Real Program
 - What is Return Address Defender
 - List and summarize the tools to defend buffer overflows 
 - What are the buffer overflow protection solutions
 - Provide a comparison of the functions of libc and Libsafe tools
 - Explain how buffer overflow occurs in C and how to analyze the code
 
Module 05: Secure C and C++ Programming
 - List the important features of object oriented programming such as C/C++
 - List and explain the vulnerable C/C++ functions
 - What are the types of buffer overflows and explain each of them
 - Describe the dangling pointers, stack smashing, and GCC extension to protect the stack-smashing attacks
 - How to determine integer vulnerabilities, Truncation, and Sign Error
 - Discuss on Pointer Subterfuge and Bugs with Pointers and Memory
 - Describe about dynamic memory management, double free vulnerability, and secure memory allocation tips
 - Explain symmetric and symmetric encryption in C++
 - Explain the Blowfish Algorithm in C
 - Describe public key cryptography in C++
 - Discuss on  networking, creating an SSL Client in C++, and creating an SSL Server
 - Determine the random number generation problem, anti-tampering, and its techniques
 - Explain the process of erasing data from memory securely using C/C++
 - How to prevent memory from paging to disk
 - Explain how to use the variable arguments properly
 - Discuss on signal handling, encapsulation in C++, and best practices for input validation
 - Define Code Profiling, list and explain the working of memory debugging tools
 
Module 06: Secure Java and JSP Programming
 - Discuss the features of the Java programming language, explain what the Java Virtual Machine (JVM) is, and discuss the byte code basics
 - Describe Java security, access controls, and Sandbox model
 - List the security issues with Java
 - Describe the SQL injection attack and explain how to prevent
 - Describe about URL Tampering
 - Discuss the various attacks on Applet, and explain the prevention of DoS attacks
 - Discuss on Byte Code attack and Reverse Engineering/Decompilation by Mocha
 - List and summarize the Obfuscation Tools
 - Explain how to build a simple ClassLoader
 - Explain what is a security manager
 - List and explain the signing tools
 - How to get RSA certificates
 - Describe the process of bundling Java Applets as JAR Files, and signing Java Applets using the Netscape signing tool
 - Discuss about the Java Security and basic security architecture
 - Determine Java Cryptography Architecture (JCA) and sample code for encryption and decryption
 - Explain how to create Secure Client and Server Sockets, and how to choose the Cipher Suites
 - Discuss about Java GSS security
 - List and explain the security issues with JSP
 - Explain Cross-Site scripting, countermeasures, and how to create new types of permissions
 - Explain what is a Security Policy, and describe policy tools
 - Determine the best practices for developing secure Java code
 
Module 07: Secure JavaScript and VBScript Programming
 - Discuss JavaScript and the vulnerabilities associated with it
 - Describe the XSS attack, and explain how to avoid the attacks
 - Define JavaScript Hijacking and how to defend against JavaScript Hijacking
 - Explain the effects and solutions to prevent malicious script embedded in client web requests
 - Explain the Thicket Obfuscator for JavaScript tool
 - Discuss on JavaScript security in Mozilla, the Same Origin Policy and Signed Script Policy
 - Explain the Netscape's SignTool
 - List and summarize the encryption tools
 - Discuss on signing a script (Windows Script Host), verifying a script, and Signature Verification Policy
 - Determine software restriction policies for Windows XP/Vista, and Server 2008
 - Discuss on designing a software restriction policy and creating additional rules
 - Describe the procedure to block the malicious scripts
 
Module 08: Secure ASP Programming
 - Describe about ASP and improving ASP design
 - Determine the #include directive and .BAK files on the server
 - Explain about  detecting exceptions with scripting language error-handling mechanisms, using VBScript and Jscript to detect an error
 - Discuss about attacks on ASP
 - Explain insufficient validation of fields in SQL queries
 - Describe ASP DypsAntiSpam: A CAPTCHA for ASP and preventing automatic submission with DypsAntiSpam
 - Describe using database and ASP sessions to implement ASP security and steps for designing the mechanism
 - Explain about protecting ASP pages and encoding ASP code: Script Encoder
 - Describe protecting passwords of ASP pages with a one-way hash function and ASP best practices
 
Module 09: Secure Microsoft.NET Programming
 - Describe about common terminology, Microsoft.NET, .NET framework, and .NET framework security policy model
 - Explain the security policy levels and security features in .NET
 - Explain about Code Access Security (CAS)
 - List the steps to use CAS in ASP.NET applications
 - Describe evidence-based security, role-based security, declarative, and imperative security
 - Explain the process involved in key generation
 - Discuss the methods to protect client and server data using encryption
 - Describe the cryptographic signatures and hash code generation
 - Describe about classes implementing the public-key encryption algorithms
 - Create a security checklist for .NET framework and permissions
 - Describe skipverification and stack walk
 - Determine runtime security policy and list the step-by-step configuration of the runtime security policies
 - Discuss on creating a security policy deployment package
 - Describe type safety, canonicalization, Access Control List (ACL) editor, and securing user credentials and logon information, and obfuscation
 - List and explain the working of .NET obfuscator tool and Administration tools
 - Describe ASP.NET security architecture and authentication and authorization strategies
 - Explain the various authorizations in .NET
 - Develop a security checklist for ASP.NET
 - List the steps to encrypt configuration sections in ASP.NET using DPAPI and the steps for configuring security with Mscorcfg.msc
 - Discuss how to identify an ASP.NET process
 - Describe secure communication, storing secrets, and web.config vulnerabilities
 - Describe how to secure session and view state, web form considerations, and how to secure web services
 - Explain the web application security frame, and its threats, attacks, and countermeasures
 - Describe secure remoting, creating remotable object, and secure data access
 - Explain how to protect ASP.NET from SQL injection attack
 - List the steps to prevent cross-site scripting in ASP.NET
 - Describe about  .NET security tools
 - List the best practices for .NET security
 
Module 10: Secure PHP Programming
 - Describe the PHP security blunders, and give example of PHP attack
 - Determine solution for: access control flaws and session ID protection
 - Describe error reporting and data handling errors
 - Explain security sensitive PHP functions: file functions and ezmlm_hash
 - List the PHP exploits and explain them with examples
 - Describe about spoofed form submissions, spoofed HTTP requests, and sessions and cookies
 - Describe about cookie theft, exposed session data, session fixation, and session hijacking
 - List the vulnerabilities in PHP, attack vulnerabilities, and common PHP attacks
 - Discuss how to defend against file system attacks, information gathering attacks, and PHP injection attacks
 - Describe ten PHP best practices and secure PHP practices
 - Determine the best practices for PHP security
 - Explain various PHP encoders
 
Module 11: Secure Perl Programming
 - Explain the common terminology of PERL programming language, and security issues in Perl scripts
 - Explain basic user input vulnerabilities and how to overcome them
 - Describe insecure environmental variables
 - Describe algorithmic complexity attacks and Perl: Taint, Strict, and Warnings
 - Explain Setuid command, authenticating the user with setuid, security bugs with setuid, Perl crypt() function
 - Describe logging into a secure website with Perl script
 - Describe secure log-in checklist, unicodes, and displaying unicode as text
 
Module 12: Secure XML, Web Services and AJAX Programming
 - Describe about web application and web services and its vulnerabilities
 - Describe XML introduction, XSLT and XPath, XML signature, applying XML signatures to security, and XML encryption
 - Determine security considerations for the XML encryption syntax
 - Describe canonicalization, validation process in XML, XML web services security, and security of URI in XML
 - Determine security of opaque data in XML and XML web services security best practices
 - List and summarize XML tools
 - Describe about AJAX, anatomy of an AJAX interaction, security issues, how to prevent the attacks and the tools
 - Describe about  HP WebInspect software
 
Module 13: Secure RPC, ActiveX and DCOM Programming
 - Explain the terms: RPC, Authentication, Authentication protocol, NULL authentication, Unix authentication, and DES authentication
 - Explain about  Diffie-Hellman encryption, security methods, SSPI, and SSPs
 - Describe the secure RPC protocol and RpcServerRegisterAuthInfo
 - Determine RPC programming best practices, making RPC function calls, and RPC and the network
 - Describe ActiveX programming, preventing repurposing, and sitelock template
 - Describe about IObjectSafety interface, code signing, and creating a code signing certificate and signing an ActiveX component in Windows
 - Determine how to protect the ActiveX controls
 - Explain the concept of DCOM
 - Explain application-level security, security by configuration, and programmatic security
 - Explain heap overflow vulnerability
 - Describe the tool: DCOMbobulator and the security best practices of DCOM
 
Module 14: Secure Linux Programming
 - What is open source with respect to Linux and the security associated with it
 - Describe the basic Linux commands, networking commands, processes, and POSIX capabilities
 - Explain UTF-8 security issues, UTF-8 legal values, and secure Linux programming advantages
 - Determine the requirements for security measure assurance
 - Discuss on enabling the source address verification, Linux iptables and ipchains, and code to save the ip6tables state
 - Explain how to control access by MAC address  and permitting the SSH access only
 - Explain about network access control and layers of security for incoming network connections
 - Describe prohibiting root logins on the terminal devices and authentication techniques
 - Discuss on authorization controls, running a root login shell, and protecting the outgoing network connections
 - Explain logging into a remote host, invoking remote programs and copying remote files
 - Describe about public-key  authentication between OpenSSH client and server and authenticating in Cron Jobs
 - Describe how to protect files, file permissions, shared directory, and encrypting files
 - Explain about listing the keyring, signing files, encrypting directories, and POP/IMAP mail server
 - Describe about testing an ssl mail connection, securing POP/IMAP with SSL and Pine and SMTP server
 - Discuss on testing and monitoring, testing login passwords (John the Ripper), testing login passwords (CrackLib), and testing search path
 - Explain how to search file systems effectively, secure device special files, look for rootkits, and tracing processes
 - Describe how to observe the network traffic, detect insecure network protocols and intrusion detection with snort
 - Discuss on testing a syslog configuration and logwatch filter
 - Determine structure program internals and approach, sample code for minimizing privileges, and filters cross-site malicious content on input
 - Describe how to filter HTML/URIs and avoid buffer overflow
 - Discuss on language-specific issues: C/C++, Perl, Ada, Java, Tcl, and PHP
 - Determine Linux application auditing tool: grsecurity
 
Module 15: Secure Linux Kernel Programming
 - Explain what a kernel is
 - Describe how to build a Linux kernel and the procedures to be followed post-build
 - Determine Linux kernel configuration menu
 - Discuss on compiling a Linux kernel
 
Module 16: Secure Xcode Programming
 - Explain what is Xcode
 - Explain Mac OS X applications, Cocoa, Carbon, AppleScript, Script Editor, and Script window
 - Describe about common data security architecture and securetransport API Set and CSP
 - Discuss how to create SSL certificates on Mac OS X server, using SSL with the web server, setting up SSL for LDAP, and how to protect security information
 - Describe security in Mac OS X and security management using system preferences
 - List the recommended steps to secure Mac OS X
 
Module 17: Secure Oracle PLSQL Programming
 - Explain about PL/SQL and security issues in Oracle
 - Discuss on SQL injection attacks and how to defend against SQL injection attacks
 - Describe SQL manipulation, code injection attacks, function call injection attacks, buffer overflows, and other vulnerabilities
 - Explain DBMS_SQL  vulnerability in PL/SQL and protecting DBMS_SQL in PL/SQL
 - Discuss on types of database vulnerabilities/attacks and how to establish security policies
 - List and explain the password management policies
 - List the steps for creating an Oracle label security policy
 - Describe Oracle identity management  
 - Discuss on security tools, Oracle secure backup tool, obfuscation, and encryption using DBMS_CRYPTO
 - Describe advanced security options and low level security
 - Explain Oracle database vaults: tool, auditing, auditing methods, audit options, view audit trail, FGA, and Oracle auditing tools
 - Describe about testing PL/SQL programs and SQL unit testing tools
 
Module 18: Secure SQL Server Programming
 - Explain the SQL server security model, and how to create an SQL server login
 - Describe about database user, guest user, permissions, and roles
 - Determine the security features of MS-SQL Server 2005 and the additional security features in MS-SQL Server 2008
 - List and explain the vulnerabilities in SQL server security
 - Discuss on SQL injection attacks and methods to prevent the SQL injection attacks
 - Describe Sqlninja: SQL Server Injection and Takeover tool
 - Describe data encryption, built-in encryption capabilities, and encryption keys
 - Discuss on Transact-SQL, creating asymmetric and symmetric key in T-SQL
 - Explain how to create a certificate in T-SQL
 - Explain the method to determine SQL server security
 - Determine the database programming best practices
 - Explain the process of authentication and authorization in SQL server installation
 - Describe the process of auditing and intrusion detection
 - List and summarize the database security auditing tools
 
Module 19: Secure Network Programming
 - Explain basic network concepts  and basic web concepts 
 - Explain about network programming and benefits of the secure network programming 
 - Describe about network interface, securing sockets: server and client program 
 - Discuss on ports, UDP datagram and sockets, Internet address, and content handler 
 - Describe cookie policy, RMI connector, and .Net: Internet authentication 
 - Describe network scanning tool- Security Manager Plus, and network programming best practices
 
Module 20: Windows Socket Programming
 - Explain about Windows Sockets, Windows NT and Windows 2000 Sockets architecture, and socket programming
 - Discuss on Winsock 2.0, Winsock linking methods, how to start a Winsock 2 API, and grabbing a web page using Winsock
 - Discuss on writing client and server applications, TCP client, and server application sample code
 - Describe Winsock secure socket extensions, WSAQuerySocketSecurity, and the SOCKET_SECURITY_SETTINGS structure
 - Explain how to use WinSock to execute a web attack, how to use Winsock to execute a remote buffer overflow and MDACDos application
 
Module 21: Writing Shellcodes
 - Explain about shellcode and shellcode development tools
 - Describe remote shellcode, port binding shellcode, and clean port binding shellcode
 - Discuss on socket descriptor reuse shellcode and socket descriptor reuse shellcode in C
 - Describe socket descriptor reuse shellcode: sample code, local shellcode, and byte code
 - Discuss on how to break chroot jails and breaking chroot jails on Linux kernels
 - Describe Windows shellcode and list the steps to execute the shell code assembly
 - Explain the write system call, Linux shellcode for “Hello, world!”, the write system call in FreeBSD
 - Discuss on  various system calls and assembly creation
 
Module 22: Writing Exploits
 - Explain the steps involved in writing exploits and targeting vulnerabilities
 - Discuss on the remote and local exploits and a two-stage exploit
 - Describe format string attacks, fixing format string bugs, and user-supplied format string vulnerability CVE-2000-0763 in xlockmore
 - Explain TCP/IP vulnerabilities and race conditions
 - Discuss on file race conditions, signal race conditions, and input validation error in man program
 - Describe writing exploits and vulnerability checking programs and stack overflow exploits
 - Describe memory organization, stack overflows, heap corruption exploits, Doug Lea malloc, and Dlmalloc chunk
 - Discuss the OpenSSL SSLv2 malformed client key remote buffer overflow vulnerability CAN-2002-0656
 - Describe about exploitation, complication, integer bug exploits, integer wrapping, and bypassing size checks
 - Discuss on how to use the metasploit framework
 - Explain how to determine attack vector, select a control vector, find a return address, and select the search method in the metasploit Opcode database
 - Explain how to insert the return address, verify return address reliability, and increase reliability with a NOP sled
 - How to choose a payload and encoder and list of available encoders
 - Describe integrating exploits into framework
 
Module 23: Programming Port Scanners and Hacking Tools
 - Explain about port scanner, simple port scanners, and prerequisites for writing a port scanner
 - Describe port scanner in C++, port scanner in C#, building a simple port scanner in VC++, port scanner in Java, port scanner in ASP.Net, port scanner in Perl, and port scanner in PHP
 - Discuss on libpcap, saving captured packets to a file, and the Wiretap library
 - Explain Nessus Attack Scripting Language (NASL), and porting to and from NASL
 - Describe Metasploit Framework (MSF), executing an exploit using msfconsole and writing basic rules
 - Discuss on rule header, rule options, optimizing rules, testing rules, and writing detection plugins, and Netcat source code
 
Module 24: Secure Mobile Phone and PDA Programming
 - Explain about mobile phone programming and different OS architectures in the mobile phone
 - Discuss on Symbian Operating System and guidelines for securing Symbian OS
 - Describe about Palm OS, Palm OS vulnerabilities, HotSync vulnerability, and Creator ID switching
 - Determine Windows mobile, calling secure web services, and security practices for Windows mobile programming
 - Discuss on comparison of the common programming tasks, PDA programming, PDA security issues, and security policies for PDAs
 - Discuss on PDA security products and security vendors
 - Describe Java platform, Micro edition (Java ME), Java ME architecture, and Java ME security issues
 - Describe about the CLDC security, Mobile Information Device Profile (MIDP), MIDP security, and programming the BlackBerry with Java ME
 - Determine Security and Trust Services API (SATSA) for Java ME: the security APIs and certificate enrollment in SATSA
 - Discuss on data integrity with message digests, data confidentiality: using ciphers for data encryption
 - Explain security issues and attacks in bluetooth and bluetooth security
 - Describe various tools such as BlueKey, BlueWatch, BlueSweep, etc.
 - Determine mobile phone security tips and defending cell phones and PDAs against attack
 - Describe the antivirus tools for mobile devices
 
Module 25: Secure Game Designing
 - Explain about game designing, console games, mobile games, online games, offline games, and Wii games
 - Determine threats to online gaming, threats to online gaming: cheating
 - Describe about various tools such as Multimedia Fusion 2, Adventure Game Studio, Game Maker, FPS and Stagecast Creator and the Scrolling Game Development Kit
 - Explain about game engine and best practices for secure game designing
 
Module 26: Securing E-Commerce Applications
 - Describe the purpose of secure E-Commerce application, and E-Business concepts: Secure Electronic Transaction (SET)
 - Discuss on using SET
 - Discuss about Secure Socket Layer (SSL) and SSL certificates
 - Discuss about VeriSign SSL certificates and Entrust SSL certificates
 - Explain about concept and functioning of: Digital certificates, Digital Signature, and Digital Signature technology
 - Describe about Digital Signature algorithm: Signature Generation/Verification and ECDSA, ElGamal signature scheme
 - Explain guidelines for developing secure E-Commerce applications
 
Module 27: Software Activation, Piracy Blocking, and Automatic Updates
 - Explain about software activation and software activation process
 - Describe about software activation and its advantages
 - Discuss on activation explained, online license management server, and activation policies
 - Describe policy control parameters, piracy, and the effects of piracy
 - Explain piracy blocking, Digital Rights Management (DRM), and software piracy protection strategies
 - Describe copy protection for DVD, Application Framework: DVD Copy Protection System, and content protection during digital transmission
 - Explain about watermark system design issues, cost effectiveness, false positives rate, and interaction with MPEG compression
 - Describe about detector placement, copy generation management, and the Crypkey tool
 - Describe about EnTrial key generation, EnTrial distribution file, and EnTrial product and package initialization dialog
 - Discuss on Windows automatic updates, options for setting up Windows automatic updates on XP and Vista, automatic updates option on: AVG antivirus, Internet Explorer, and Mozilla Firefox
 
Module 28: Secure Application Testing
 - Explain the Software Development Life Cycle (SDLC), introduction to testing, and the types of testing
 - Discuss on white box testing, types of white box testing, dynamic white box testing, integration testing, regression testing, system testing, and black box testing
 - Describe about load testing and strategies, functional testing, and list the testing steps
 - Explain how to create a test strategy, test plans, test cases, and test data
 - Discuss bug fixing, and retesting
 - Discuss on classic testing mistakes and user interface errors
 - Determine good user interfaces
 - Discuss on use of the automatic testing and tools
 - Prepare a generic code review checklist, and software testing best practices
 - List and summarize various testing tools
 - Describe real-time testing
 
Module 29: Writing Secure Documentation and Error Messages
 - Describe about error messages, the categories and what a good error message is
 - Determine error messages in well-designed applications, examples, and miscommunications in the error messages
 - Prepare an error message usability checklist
 - Describe guidelines for creating effective error messages
 - List the best practices for designing error messages
 - Explain the security issues in error messages
 - Describe about security precautions in documentation
