Certified Professional for Software Architecture – Advanced Level (CPSA®)
The CPSA®-Advanced Level Module WEBSEC – iSAQB® Training Course in Web Security
Web Security
What is “security”? How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems?
Content of the module Web Security (WEBSEC)
Analysis
Secure Development and Design
Cryptography
Web: Technical Foundations
Web: Attack Vectors
Web: Security and Infrastructure
How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems
Security requirements are among the key challenges when designing and developing software. IT systems often have a variety of potential attack points that attackers could successfully exploit (with appropriate effort).
A lack of basic security knowledge, high time pressure, or carelessness frequently leads to seemingly small errors, which can then be exploited with fatal consequences in terms of security. Web applications, in particular, often have a potentially large, globally distributed user group with access via the Internet. As a result, the circle of potential attackers grows massively and so, too, does the likelihood of errors being discovered and exploited. In addition, web applications are often victims of automated attack attempts shortly after implementation. Information systems, by contrast, may be used only by the company’s own employees and are thus exposed to other attack scenarios. Finally, embedded systems can now be found almost everywhere, so security issues can have a massive impact. Updates are not always possible in embedded systems.
If you take a look at the most common attack methods, they can usually be prevented by a “clean” architecture and clear communication. This curriculum aims to combine the somewhat academic world of security in software development with common technical practice.
Security cannot be considered independently of the context in which the systems are used. The reference to web applications, information systems, or embedded systems limits the thematic focus and ensures that the relevant information for the security of the respective systems is communicated. The curriculum focuses on web applications, but content about embedded systems or information systems can be inserted at the relevant points instead.
The threat landscape around web applications and IT systems is becoming increasingly sophisticated. While traditional attacks such as SQL…
Additional Information
Frequently Asked Questions
Is the iSAQB responsible for the quality of its training providers’ CPSA trainings?
The iSAQB operates an elaborate quality assurance system with regard to its training providers, CPSA trainings, and trainers. Our aim is to ensure a consistently high training standard for all CPSA training courses worldwide. However, despite extensive accreditation processes, the iSAQB assumes no liability for the quality of trainings provided by its accredited training partners. Furthermore, the iSAQB assumes no liability for the results of CPSA examinations.
How is the CPSA program different from the TOGAF certification?
Alongside the TOGAF training, the CPSA program rates highly in companies internationally. Compared to the TOGAF training, the CPSA program generally places more emphasis on the practical implementation of IT systems.
I have lost my certificate. Can it be reissued?
If your certificate has been lost, you can contact the certification body that took your exam or the iSAQB. Generally, you can request a copy of your certificate within 10 years after the date of the exam.
Is it possible to attend Advanced Level training courses without an existing CPSA Foundation Level certification and earn credit points for it?
Software architects who do not yet have a Foundation Level certification can also participate in the Advanced Level training courses. Successful participation in the Advanced Level courses earns credit points, which are required for a possible Advanced Level exam. However, a prerequisite for applying for an Advanced Level exam is always a successfully passed Foundation Level exam.
May I call myself “Software Architect” after passing the exam?
The CPSA certification is not a vocational qualification, but a proof of knowledge in the field of software architecture. The iSAQB is not entitled to award vocational qualifications, so we propose you call yourself “Certified Professional for Software Architecture by iSAQB” after passing the exam.
In Germany, it is unclear whether it is legally allowed to call oneself “Software Architect”. We recommend you inform yourself about the laws regarding vocational qualifications in your country.
What does the Advanced Level curriculum include?
For the purpose of CPSA-A training, the iSAQB has defined the three following areas of competence:
Methodical competence: a systematic approach to architectural tasks, regardless of the technologies used
Technological competence: knowledge and implementation of technology solutions used in design tasks
Communicative competence: communication, presentation, argumentation, and moderation skills as well as the ability to cooperate productively with different stakeholders
Which requirements must I fulfill to access Advanced Level certification?
Successful training and certification at CPSA‑F level (Certified Professional for Software Architecture, Foundation Level).
A minimum of three years of full-time professional experience in the IT industry, including involvement in the design and development of at least two different IT systems. Exceptions can be granted upon application (for instance, involvement in open source projects).
Training and further education within the scope of iSAQB Advanced Level trainings of at least 70 credit points. All three areas of competence must be covered with at least 10 credit points each.
Successful completion of the CPSA‑A certification task, including an interview with two independent examiners appointed by the iSAQB.
Who may offer and conduct CPSA-Advanced Level training?
Trainings at CPSA-Advanced Level may only be offered and conducted by training providers accredited by the iSAQB. Accredited training providers have proven the high quality of their CPSA training offers and are committed to the iSAQB accreditation conditions.
Are participation certificates for Advanced Level training courses also issued if a training course has to be cancelled through no fault of one’s own, or if the participation is delayed?
For Advanced Level training courses, participation certificates with the designated credit points can only be issued if a participant has attended at least 75% of the training. If less than 75% has been completed, the intended credit points may not be awarded. It is necessary to repeat the entire training or to make up for the missing part in order to earn the credit points. This regulation also applies to reasons that are not the fault of the participant (e.g. illness, accidents, traffic jams, etc.).
Are credit points awarded for participation in online training courses at Advanced Level?
For online training courses at Advanced Level you will receive an official iSAQB participation certificate with the respective credit points.
Downloads
Curriculum Module WEBSEC – Web Security
Curriculum of the Advanced Level Module WEBSEC with all learning goals and terms for the individual chapters.
Advanced Level – Sample task for the CPSA‑A examination task
Sample task “BigSpender” / Topic – Information System
Advanced Level – Examination Rules
This document contains general rules regarding the CPSA-Advanced Level examination. It provides information on areas of competence, modular concept, examination requirements, costs, preparation, registration, and structure of the examination.