SANS Software Security Institute

GIAC Secure Software Programmer (GSSP) Certification

GSSP Overview

The GIAC Secure Software Programmer (GSSP) Certification Exam was developed in a joint effort involving the SANS Institute, CERT/CC, several US government agencies, and leading companies in the US, Japan, India, and Germany. These exams are an essential response to the rapidly increasing number of targeted attacks that are focusing on application vulnerabilities. They help organizations meet four objectives:

  1. Identify shortfalls in security knowledge of in-house programmers and help those individuals close the gaps.
  2. Ensure outsourced programmers have adequate secure coding skills.
  3. Select new employees who will not need remedial training in secure programming.
  4. Ensure each major development project has at least one person with advanced secure programming skills.

Programmers can demonstrate that they know the common security flaws found in Java and C programming, and how to avoid the problems, by passing the GSSP exams.

Certification Information

Those who gain passing scores at the foundation level will earn the GIAC Secure Software Programmer (GSSP) certification. A designation reflecting the language in which the certification was earned will follow the letters. For example, a programmer who passes the Java exam would receive the GSSP-J designation.

The GSSP certification will be valid for four years. You will become eligible to apply for re-certification one (1) year prior to your certification expiration. You must register for recertification before your certification expiration date. To re-certify, you must pass the current examination being offered.

Exam Information

The GIAC Secure Software Programmer (GSSP) certification exam focuses on the real issues that create the most common vulnerabilities and security issues in applications. The exams cover much more than the typical general overview of secure programming topics. They are technical and language specific (e.g. Java or C). Many of the questions use real code examples, so practical and current programming experience in the designated language is a must.

The GIAC Secure Software Programmer (GSSP) Certification Exam is administered at established proctored testing facilities. The exam consists of 100 multiple-choice questions, is open book, and has a 4-hour time limit. For detailed information on the GIAC proctor program, please see http://www.giac.org/proctor/.

Once you have completed the registration process and received access to your certification, you will have four (4) months to complete your certification. You will access your certification information from your SANS Portal account by using the "GIAC Exam Engine :: Cert Attempts / History, Practice Exams, and Assessments" link from your portal home page.

Exam Results

After you complete the exam, you will receive an email documenting your results. You will also have a summary report available from your portal account.

Additional Resources

  • Read GIAC Certification Success Stories
  • Blueprints

    Candidate Handbooks