Certified SCA Practitioner (CSCAP) - SAICO

Software developers (practitioners) are expected to use Secure Development Lifecycle (SDL) processes for new systems, system upgrades, or systems that are being repurposed. These processes can be employed at any stage of the system lifecycle and can take advantage of any system or software development methodology, including agile, spiral, or waterfall.

Certified SCA Practitioner (CSCAP) Syllabus

SCA Practitioner Syllabus

You can download the CSCAP syllabus from: https://securecodealliance.com/content/sca-practitioner.pdf

About The CSCAP

CSCAPs are expected to: (1) Understand and operationalize the organization’s security architecture that must be followed for application development processes for development, testing, staging, and production environments. (2) Incorporate the organization’s risk management practices throughout application development processes across the entire Software/System Development Life Cycle (SDLC). (3) Develop software applications in accordance with industry-recognized secure coding practices. (4) Incorporate security and privacy measures throughout the SDLC. (5) Control changes to applications, systems, and processes across the SDLC using formal change control procedures. (6) Review custom code through a formal change management and approval process prior to release to production. (7) Remove custom application accounts, user IDs and passwords before applications become active or are released to customers. (8) Confidently review Software Bill of Materials (SBOM) documentation for security and privacy-related implications. (9) Perform software conformity assessments.

Certified SCA Practitioner (CSCAP) Course Curriculum

10 Chapters · 34 Lessons

1
Secure Code Alliance (SCA) Overview
1. (Included in full purchase)
  What Is The SCA?
2. (Included in full purchase)
  What Is The Developing Security & Privacy by Design (DSPD) Initiative?
2
Certified SCA Practitioner (CSCAP) Overview
1. (Included in full purchase)
  CSCAP Expectations
2. (Included in full purchase)
  Baselining The Concept of Compliant vs Secure
3. (Included in full purchase)
  Key Learning Objectives
4. (Included in full purchase)
  End Of Chapter Review
3
Executive Order (EO) 14028
1. (Included in full purchase)
  EO 14028 Overview
2. (Included in full purchase)
  CISA Secure Software Development Attestation Form
3. (Included in full purchase)
  End Of Chapter Review
4
NIST SP 800-218 - Secure Software Development Framework (SSDF)
1. (Included in full purchase)
  NIST SP 800-218 Overview
2. (Included in full purchase)
  SSDF Organization & Practices
3. (Included in full purchase)
  SSDF Applicability
4. (Included in full purchase)
  End Of Chapter Review
5
NIST SP 800-218A - SSDP for Generative AI and Dual-Use Foundation Models
1. (Included in full purchase)
  NIST SP 800-218A Overview
2. (Included in full purchase)
  End Of Chapter Review
6
NIST SP 800-160 - Secure Engineering & Resiliency
1. (Included in full purchase)
  NIST SP 800-160 Overview
2. (Included in full purchase)
  NIST SP 800-160 Vol. 1 - Engineering Trustworthy Secure Systems
3. (Included in full purchase)
  NIST SP 800-160 Vol. 2 - Developing Cyber-Resilient Systems
4. (Included in full purchase)
  End Of Chapter Review
7
OWASP Top 10
1. (Included in full purchase)
  OWASP Top 10 Overview
2. (Included in full purchase)
  End Of Chapter Review
8
Software Bill of Materials (SBOM)
1. (Included in full purchase)
  SBOM Best Practices
2. (Included in full purchase)
  SBOM Benefits
3. (Included in full purchase)
  Current State of SBOMs
9
SDP-Related Compliance Requirements
1. (Included in full purchase)
  SDP Requirements Overview
2. (Included in full purchase)
  Executive Order (EO) 14028 - Application Security Controls
3. (Included in full purchase)
  NIST SP 800-171 - Application Security Controls
4. (Included in full purchase)
  NIST SP 800-53 - Application Security Controls
5. (Included in full purchase)
  Payment Card Industry Data Security Standard (PCI DSS) v4.0 - Application Security Controls
6. (Included in full purchase)
  Center for Internet Security Critical Security Controls (CIS CSC)
7. (Included in full purchase)
  ISO 27002:2022 - Application Security Controls
8. (Included in full purchase)
  CISA - SBOM Guidance
9. (Included in full purchase)
  Digital Millennium Copyright Act (DCMA)
10
CSCAP Knowledge Exam
1. (Included in full purchase)
  SCA Practitioner Knowledge Exam