For more information about CSM-ACE 2018, please contact:
  • secretariat@csm-ace.my
  • +60 3 8992 6888

Certified Secure Application Professional (CSAP)

Date: 24th, 26th, 27th & 28th Sept 2018
Time: 8.30 am - 5.00 pm
Venue: Royale Chulan, Kuala Lumpur, Malaysia
Fee: RM6610.16 (fees include 6% GST)
Level: Certification

Certified Secure Application Professional (CSAP) is a 4-day hands-on training and certification programme designed specifically to teach the basics of cryptography, presenting the main ideas in simple language. Important areas are highlighted, such as stream ciphers, block ciphers, public key algorithms, digital signatures, and applications, as well as a historical look at the field.

  1. Understand the basic concepts of secure coding
  2. Learn the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) secure coding standards on security vulnerabilities
  3. Learn the details of the Open Web Application Security Project (OWASP) Top Ten secure coding practices and examples of application source code security vulnerabilities
  4. Identify and avoid common coding mistakes
  5. Examine application source code vulnerabilities and demonstrate how the issues are exploited by attackers
  6. Ensure that participants have understood the course and can apply the knowledge to software development

  1. Cyber Security Professionals
  2. Information Security Officers / ISMS Managers
  3. ICTSOs/CIOs/CISOs/CSOs/CTOs
  4. Security auditors, governance and compliance officers
  5. Application Developers, Software Engineers and Programmers

The CSAP examination is certified by the Global ACE Scheme. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Awareness Manager. Candidates will be tested via a combination of continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS), as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CSAP examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Scheme.

Day 1
Session 1: The Concept of Secure Coding
Session 2: Introduction of Web Security and Secure Coding organizations
Session 3: Classification of security flaws

  • OWASP TOP 10
  • CWE/SANS TOP 25
  • Secure Coding Guide in South Korea

Session 4: Configuration of test application for exercise

Day 2
Session 5: Software weakness

  • SQL Injection
    • Security Breach Examples
    • SQL Injection Definition
    • Exercise - How to test application for SQL Injection
    • Exercise - How to write secure code
  • Directory Path Traversal
    • Security Breach Examples
    • Directory Path Traversal Definition
    • Exercise - How to test application for Directory Path Traversal
    • Exercise - How to write secure code
  • Cross-Site Scripting (XSS)
    • Security Breach Examples
    • XSS Definition
    • Exercise - How to test application for XSS
    • Exercise - How to write secure code
  • OS Command Injection
    • Security Breach Examples
    • OS Command Injection Definition
    • Exercise - How to test application for OS Command Injection
    • Exercise - How to write secure code
  • URL Redirection to Untrusted Site
    • Security Breach Examples
    • URL Redirection to Untrusted Site Definition
    • Exercise - How to test application for URL Redirection to Untrusted Site
    • Exercise - How to write secure code
  • XPath Injection
    • Security Breach Examples
    • XPath Injection Definition
    • Exercise - How to test application for XPath Injection
    • Exercise - How to write secure code
  • HTTP Response Splitting
    • Security Breach Examples
    • HTTP Response Splitting Definition
    • Exercise - How to test application for HTTP Response Splitting
    • Exercise - How to write secure code
  • Reliance on Untrusted Inputs in a Security Decision
    • Security Breach Examples
    • Reliance on Untrusted Inputs in a Security Decision Definition
    • Exercise - How to test application for Reliance on Untrusted Inputs in a Security Decision
    • Exercise - How to write secure code
  • Use of a Broken or Risky Cryptographic Algorithm
    • Security Breach Examples
    • Use of a Broken or Risky Cryptographic Algorithm Definition
    • Exercise - How to test application for Use of a Broken or Risky Cryptographic Algorithm
    • Exercise - How to write secure code

Day 3
Session 5: Software weakness (continued)

  • Cleartext Transmission of Sensitive Information
    • Security Breach Examples
    • Cleartext Transmission of Sensitive Information Definition 
    • Exercise - How to test application for Cleartext Transmission of Sensitive Information
    • Exercise - How to write secure code
  • Cleartext Storage of Sensitive Information
    • Security Breach Examples
    • Cleartext Storage of Sensitive Information Definition 
    • Exercise - How to test application for Cleartext Storage of Sensitive Information
    • Exercise - How to write secure code
  • Hard-Coded Credentials
    • Security Breach Examples
    • Hard-Coded Credentials Definition 
    • Exercise - How to test application for Hard-Coded Credentials
    • Exercise - How to write secure code
  • Use of Hard-Coded Cryptographic Key
    • Security Breach Examples
    • Use of Hard-Coded Cryptographic Key Definition 
    • Exercise - How to test application for Use of Hard-Coded Cryptographic Key
    • Exercise - How to write secure code
  • Information Exposure Through Persistent Cookies
    • Security Breach Examples
    • Information Exposure Through Persistent Cookies Definition 
    • Exercise - How to test application for Information Exposure Through Persistent Cookies 
    • Exercise - How to write secure code
  • Information Exposure Through Comments
    • Security Breach Examples
    • Information Exposure Through Comments Definition 
    • Exercise - How to test application for Information Exposure Through Comments 
    • Exercise - How to write secure code
  • Error Handling 
    • Security Breach Examples
    • Error Handling Definition 
    • Exercise - How to test application for Error Handling
    • Exercise - How to write secure code
  • Null Pointer Dereference
    • Security Breach Examples
    • Null Pointer Dereference Definition 
    • Exercise - How to test application for Null Pointer Dereference
    • Exercise - How to write secure code
  • Improper Resource Shutdown or Release
    • Security Breach Examples
    • Improper Resource Shutdown or Release Definition 
    • Exercise - How to test application for Improper Resource Shutdown or Release 
    • Exercise - How to write secure code
  • Reliance on Reverse DNS Resolution for a Security-Critical Action
    • Security Breach Examples
    • Reliance on Reverse DNS Resolution for a Security-Critical Action Definition 
    • Exercise - How to test application for Reliance on Reverse DNS Resolution for a Security-Critical Action 
    • Exercise - How to write secure code

Day 4

Workshop and Examination

  • 2 x tea breaks and 1 lunch for the 4-day training
  • Exam voucher worth RM1,196