Certified Professional for Software Architecture (CPSA®)
The CPSA® Advanced Level Module WEBSEC – iSAQB® Training Course in Web Security
What is “security”? How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems?
Credit Points for WEBSEC Training Courses
Content of the module Web Security (WEBSEC)
How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems
Security requirements are among the key challenges when designing and developing software. There are often a variety of potential attack points in IT systems that could be successfully exploited by potential attackers (with appropriate effort).
The lack of basic knowledge on security, high time pressure or carelessness frequently leads to seemingly small errors, which can then be exploited with fatal consequences in terms of security. Web applications, in particular, often have a potentially large, globally distributed user group with access via the Internet. As a result of this, the circle of attackers increases massively and so, too, does the likelihood of errors being discovered and exploited. In addition, web applications are often victims of automated attack attempts shortly after implementation. Information systems may only be used by the company’s own employees and are thus exposed to other attack scenarios. After all, embedded systems can now be found almost everywhere, so security issues can have a massive impact. Updates are not always possible in embedded systems.
If you take a look at the most common attack methods, they can usually be prevented by a “clean” architecture and clear communication. This curriculum aims to combine the somewhat academic world of security in software development with common technical practice.
Security cannot be considered independently of the context in which the systems are used. The reference to web applications, information systems, or embedded systems limits the thematic focus and ensures that the relevant information for the security of the respective systems is communicated. The curriculum focuses on web applications, but content about embedded systems or information systems can be inserted at the relevant points instead.
Related Blog Posts
How to Identify a Good Certificate?
There is a wide range of certificates on offer, yet most certificates and certification procedures are based on a similar process with some comparable variants…
This blog post answers the most important questions about the written part of the iSAQB Advanced Level exam…
Frequently Asked Questions
There are currently no FAQs for this topic. Please check out our FAQ page for more FAQs.