SCA Body of Knowledge

SCA Body of Knowledge (BoK)

The Secure Code Alliance Body of Knowledge (SCA BoK) contains the background information needed to pass the Certified SCA Practitioner (CSCAP) knowledge exam. The download link is: https://content.securecodealliance.com/SCA-BoK.pdf

About The CSCAP

CSCAPs are expected to:

1. Understand and operationalize the organization's security architecture that must be followed for application development processes in development, testing, staging, and production environments.
2. Incorporate the organization's risk management practices throughout application development processes across the entire Software/System Development Life Cycle (SDLC).
3. Develop software applications in accordance with industry-recognized secure coding practices.
4. Incorporate security and privacy measures throughout the SDLC.
5. Control changes to applications, systems, and processes across the SDLC using formal change control procedures.
6. Review custom code through a formal change management and approval process prior to release to production.
7. Remove custom application accounts, user IDs and passwords before applications become active or are released to customers.
8. Confidently review Software Bill of Materials (SBOM) documentation for security and privacy-related implications.
9. Perform software conformity assessments.