SANS Software Security Institute

GIAC Secure Software Programmer (GSSP) Certification

GSSP Overview

The GIAC Secure Software Programmer (GSSP) Certification Exam was developed in a joint effort involving the SANS Institute, CERT/CC, several US government agencies, and leading companies in the US, Japan, India, and Germany. These exams are an essential response to the rapidly increasing number of targeted attacks that focus on application vulnerabilities. They help organizations meet four objectives:

  1. Identify shortfalls in security knowledge of in-house programmers and help those individuals close the gaps.
  2. Ensure outsourced programmers have adequate secure coding skills.
  3. Select new employees who will not need remedial training in secure programming.
  4. Ensure each major development project has at least one person with advanced secure programming skills.

Programmers can demonstrate that they know the common security flaws found in Java and C programming, and how to avoid the problems, by passing the new GSSP exams.

Certification Information

Those who gain passing scores at the foundation level will earn the GIAC Secure Software Programmer (GSSP) certification. A designation reflecting the language in which the certification was earned will follow the letters. For example, a programmer who passes the Java exam would receive the GSSP-J designation.

The GSSP certification will be valid for four years. You will become eligible to apply for re-certification one (1) year prior to your certification expiration. You must register for re-certification before your certification expiration date. To re-certify, you must pass the current examination being used for initial certification.

Exam Information

The GIAC Secure Software Programmer (GSSP) Certification Exam is a proctored and timed test. You will be required to present a photo ID to collect your exam materials and to gain access to the exam room. You will not be allowed to bring any resource materials or electronic devices, including laptops, PDAs and cell phones.

Sample Reporting

The GIAC Secure Software Programmer (GSSP) certification exam focuses on the real issues that create the most common vulnerabilities and security issues in applications. The exams cover much more than the typical general overview of secure programming topics. They are technical and language specific (e.g. Java or C). Many of the questions use real code examples, so practical and current programming experience in the designated language is a must.

After you complete the exam, you will receive a letter/report documenting your results. The report provides a detailed breakdown of performance for each task covered on the exam. This will enable you to target your learning objectives. For successful candidates, the exam verifies knowledge in critical areas. For others, the exam helps developers identify areas where they have knowledge gaps.

Additional Resources

  • Read GIAC Certification Success Stories
  • Blueprints
  • Candidate Handbooks