CERT Secure Coding in C and C++ Professional Certificate
Certificate • Information Security
CERT Secure Coding in C and C++ Professional Certificate
The need for qualified experts to support organizations that develop secure software is now greater than ever. To meet this growing demand, we share solutions that are developed as part of our important research. The most effective way to improve software security is to eliminate vulnerabilities during development—before the software is released to users. We offer two certificates in secure coding: Secure Coding in C and C++, described here, and Secure Coding in Java. Both certificates can be earned entirely through online training.
Build More Secure Software
The CERT Secure Coding in C and C++ Professional Certificate helps software developers increase security and reduce vulnerabilities in the C and C++ programs they develop. It provides developers with practical instruction based on the CERT Secure Coding Standards, which have been curated from the contribution of more than 1,900 experts in the C and C++ programming languages.
The CERT Division has been extremely successful in developing secure coding standards, which have been adopted at the corporate level by companies such as Cisco and Oracle. The success of the secure coding standards contributed to the impetus for including software assurance requirements in the National Defense Authorization Act (NDAA) for Fiscal Year 2013.
Our certificate program helps organizations train their teams to eliminate vulnerabilities during development, which can result in reducing the total cost of repairing code compared to making repairs after development. In two courses, the CERT Secure Coding team teaches the essentials of designing and developing secure software in C and C++. Participants then demonstrate their comprehension of the concepts in an examination.
Benefits of the CERT Secure Coding in C and C++ Certificate
Completion of this Professional Certificate enables software developers to increase security and reduce vulnerability in the C and C++ programs they develop. Participants acquire a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors. In particular, participants learn how to
- improve the overall security of any C or C++ application
- thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic
- avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions
- eliminate integer-related problems: integer overflows, sign errors, and truncation errors
- correctly use formatted output functions without introducing format-string vulnerabilities
- avoid I/O vulnerabilities, including race conditions
After completing the certificate, participants may choose to be listed on the SEI website as an SEI Certificate Holder.
Who Should Get This Credential?
- C and C++ developers in government and industry organizations who want to increase the security of their code and reduce its vulnerability to attack
- IT professionals who want to obtain a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors
What Does It Cost?
Participants pay fees for courses and the exam; there is no additional fee for the certificate.
eLearning package: $1,250
Organizations considering this training for a group of participants can take advantage of eLearning group discounts or schedule a private, instructor-led, onsite training delivery. Email firstname.lastname@example.org telephone at +1 412-268-7622 for details.
How to Apply
To request your SEI Professional Certificate, contact email@example.com and identify the certificate program you have completed. After we verify your credentials, we email your certificate within four business days.
How to Earn the Certificate
To earn this certificate, complete the following courses and exam within 12 months:
|Secure Software Concepts||
|Secure Coding in C and C++||
|Secure Coding in C and C++ Examination||
Secure Software Concepts
Secure Software Concepts explores basic security concepts and how security design principles protect the organization. Risk assessment and management, regulatory requirements, and software design are examined within the context of the organization's acquisition and development lifecycles to prepare the student for a deeper study of secure coding. This eLearning course contains 2 hours of video instruction that may be studied incrementally.
Secure Coding in C and C++
Secure Coding in C and C++ provides detailed instruction about common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. This eLearning course contains 20 hours of video instruction, that may be studied incrementally, and 6 online exercises performed in the virtual lab environment.
Secure Coding in C and C++ Examination
The CERT Secure Coding in C and C++ Professional Certificate concludes with an examination of the student's comprehension of the concepts presented in the preceding courses. The exam consists of 40 multiple choice questions. Students proceed through the exam at their convenience over 6 total hours. Students must achieve a passing score of 80%.
4 - Day Course
• Network & Software Security
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code...
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.